Details
-
Bug
-
Resolution: Fixed
-
Critical
-
2.0
-
None
-
-
Empty show more show less
Description
Due to changes by MGNLSTK-1103 and MAGNOLIA-4866 are most of values in FTL templates already escaped.
- remove escaping from templates
Cover the cases where are values still not escaped:
- Nodes taken by identifier in model classes.
- Contents taken by querries.
- Assets (
MGNLDAM-171).
Checklists
Attachments
Issue Links
- clones
-
MGNLSTK-1095 Escape values for rendering, don't escape already escaped values - 4.5
-
- Closed
-
- depends upon
-
MAGNOLIA-4866 Make sure every node and property returned by HTML or I18N wrappers are wrapped
-
- Closed
-
-
MGNLDAM-171 XSS vulnerability of Assets
-
- Closed
-
-
MAGNOLIA-4873 Throw IAE in DelegateNodeWrapper.setWrappedNode() when node is already wrapped with this class - port to master
-
- Closed
-
-
MGNLSTK-1103 Wrap nodes with HTMLEscapingNodeWrapper before rendering - port to master
-
- Closed
-