[MAGNOLIA-8055] Ensure TemplatingFunctions wrap Node with HTMLEscapingNodeWrapper Created: 12/Apr/21 Updated: 29/Apr/21 Resolved: 29/Apr/21 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Federico Grilli | Assignee: | Federico Grilli |
| Resolution: | Not an issue | Votes: | 0 |
| Labels: | maintenance | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Template: |
|
||||
| Acceptance criteria: |
Empty
|
||||
| Task DoR: |
Empty
|
||||
| Sprint: | Maintenance 55 | ||||
| Description |
|
See related MGNLUI-6589 |
| Comments |
| Comment by Federico Grilli [ 29/Apr/21 ] |
|
Risk of breaking existing code too high - templating functions may be used also in the back end and rely on certain characters not to be escaped. Will just fix the XSS in the few places in where we know it happens (assets, tours, categorization, MTE?) |