Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 2.5
Affects Version/s: 2.0
Component/s: templates
Labels:
None

Template:
Acceptance criteria:

Empty

show more show less

Due to changes by ~~MGNLSTK-1103~~ and ~~MAGNOLIA-4866~~ are most of values in FTL templates already escaped.

remove escaping from templates

Cover the cases where are values still not escaped:

Nodes taken by identifier in model classes.
Contents taken by querries.
Assets (~~MGNLDAM-171~~).

Acceptance criteria

clones

MGNLSTK-1095 Escape values for rendering, don't escape already escaped values - 4.5

Closed

depends upon

MAGNOLIA-4866 Make sure every node and property returned by HTML or I18N wrappers are wrapped

Closed

MGNLDAM-171 XSS vulnerability of Assets

Closed

MAGNOLIA-4873 Throw IAE in DelegateNodeWrapper.setWrappedNode() when node is already wrapped with this class - port to master

Closed

MGNLSTK-1103 Wrap nodes with HTMLEscapingNodeWrapper before rendering - port to master

Closed

Assignee:: Roman Kovařík

Reporter:: Roman Kovařík

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 27/Feb/13 8:49 AM

Updated:: 18/Mar/13 12:56 PM

Resolved:: 13/Mar/13 3:44 PM