[MGNLSTK-1103] Wrap nodes with HTMLEscapingNodeWrapper before rendering - port to master Created: 27/Feb/13  Updated: 18/Mar/13  Resolved: 12/Mar/13

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: None
Affects Version/s: None
Fix Version/s: 2.5

Type: Improvement Priority: Major
Reporter: Roman Kovařík Assignee: Roman Kovařík
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones MGNLSTK-1101 Wrap nodes with HTMLEscapingNodeWrapp... Closed
dependency
is depended upon by MGNLSTK-1105 Escape values for rendering, don't es... Closed
Template:
Acceptance criteria:
Empty

 Description   

MAGNOLIA-4011 introduces unwrapping nodes before rendering because of problem with multiple escaping.
Unfortunately This change causes XSS vulnerability of most FTL templates.

  1. Don't unwrap nodes from HTMLEscapingNodeWrapper before rendering.
  2. Wrap nodes with HTMLEscapingNodeWrapper if they are not wrapped already.


 Comments   
Comment by Roman Kovařík [ 27/Feb/13 ]

Port to 4.5 is registered under MGNLSTK-1101.

Generated at Mon Feb 12 07:33:25 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.