[MAGNOLIA-6162] Improve TemplatingFunctions#externalLink: Handle # anchor links and escape the link to prevent injection attack Created: 10/Apr/15  Updated: 15/Apr/15  Resolved: 10/Apr/15

Status: Closed
Project: Magnolia
Component/s: templating, templating components
Affects Version/s: None
Fix Version/s: 5.4

Type: Improvement Priority: Neutral
Reporter: Philip Mundt Assignee: Philip Mundt
Resolution: Fixed Votes: 0
Labels: quickwin
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
is depended upon by MTE-8 Link and LinkList components for Basi... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

Using "external links" for anchors is currently the only way to manually create a TOC. When using the method info.magnolia.templating.functions.TemplatingFunctions#externalLink(javax.jcr.Node, java.lang.String) when only providing an anchor #anchor the link is prepended with http:// resulting in a broken link http://#anchor. Anchors should not be prepended with http://. Links should also be escaped.

Also the link should be escaped to prevent injection attack.



 Comments   
Comment by Christopher Zimmermann [ 13/Apr/15 ]

Changed title and description to reflect the commit based on Sasha's input.

Generated at Mon Feb 12 04:11:53 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.