-
Improvement
-
Resolution: Fixed
-
Major
-
None
-
None
-
None
-
-
Empty show more show less
MAGNOLIA-4011 introduces unwrapping nodes before rendering because of problem with multiple escaping.
Unfortunately This change causes XSS vulnerability of most FTL templates.
- Don't unwrap nodes from HTMLEscapingNodeWrapper before rendering.
- Wrap nodes with HTMLEscapingNodeWrapper if they are not wrapped already.
Acceptance criteria
- clones
-
MGNLSTK-1101 Wrap nodes with HTMLEscapingNodeWrapper before rendering - 2.0.x
- Closed
- is depended upon by
-
MGNLSTK-1105 Escape values for rendering, don't escape already escaped values - port to master
- Closed