[MGNLSTK-1105] Escape values for rendering, don't escape already escaped values - port to master Created: 27/Feb/13  Updated: 18/Mar/13  Resolved: 13/Mar/13

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: templates
Affects Version/s: 2.0
Fix Version/s: 2.5

Type: Bug Priority: Critical
Reporter: Roman Kovařík Assignee: Roman Kovařík
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones MGNLSTK-1095 Escape values for rendering, don't es... Closed
dependency
depends upon MAGNOLIA-4866 Make sure every node and property ret... Closed
depends upon MGNLDAM-171 XSS vulnerability of Assets Closed
depends upon MAGNOLIA-4873 Throw IAE in DelegateNodeWrapper.setW... Closed
depends upon MGNLSTK-1103 Wrap nodes with HTMLEscapingNodeWrapp... Closed
Template:
Acceptance criteria:
Empty

 Description   

Due to changes by MGNLSTK-1103 and MAGNOLIA-4866 are most of values in FTL templates already escaped.

  • remove escaping from templates

Cover the cases where are values still not escaped:

  1. Nodes taken by identifier in model classes.
  2. Contents taken by querries.
  3. Assets (MGNLDAM-171).


 Comments   
Comment by Roman Kovařík [ 27/Feb/13 ]

Port to 4.5 is registered under MGNLSTK-1095

Generated at Mon Feb 12 07:33:26 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.