-
Bug
-
Resolution: Fixed
-
Critical
-
2.0
-
None
-
-
Empty show more show less
Due to changes by MGNLSTK-1103 and MAGNOLIA-4866 are most of values in FTL templates already escaped.
- remove escaping from templates
Cover the cases where are values still not escaped:
- Nodes taken by identifier in model classes.
- Contents taken by querries.
- Assets (
MGNLDAM-171).
- clones
-
MGNLSTK-1095 Escape values for rendering, don't escape already escaped values - 4.5
- Closed
- depends upon
-
MAGNOLIA-4866 Make sure every node and property returned by HTML or I18N wrappers are wrapped
- Closed
-
MGNLDAM-171 XSS vulnerability of Assets
- Closed
-
MAGNOLIA-4873 Throw IAE in DelegateNodeWrapper.setWrappedNode() when node is already wrapped with this class - port to master
- Closed
-
MGNLSTK-1103 Wrap nodes with HTMLEscapingNodeWrapper before rendering - port to master
- Closed