[MAGNOLIA-8055] Ensure TemplatingFunctions wrap Node with HTMLEscapingNodeWrapper Created: 12/Apr/21  Updated: 29/Apr/21  Resolved: 29/Apr/21

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Federico Grilli Assignee: Federico Grilli
Resolution: Not an issue Votes: 0
Labels: maintenance
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Sprint: Maintenance 55

 Description   

See related MGNLUI-6589



 Comments   
Comment by Federico Grilli [ 29/Apr/21 ]

Risk of breaking existing code too high - templating functions may be used also in the back end and rely on certain characters not to be escaped. Will just fix the XSS in the few places in where we know it happens (assets, tours, categorization, MTE?)

Generated at Mon Feb 12 04:29:14 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.