Change HtmlUtil.escapeAttribute(HtmlUtil.escapeHREF(...)) to HtmlUtil.escapeHREF(...)

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 6.1.1 CE GA2, 6.1.20 EE GA2
Fix Version/s: 6.1.X EE, 6.2.0 CE M5
Component/s: API, API > Utils
Labels:
- QA-C

Description

Change HtmlUtil.escapeAttribute(HtmlUtil.escapeHREF(...)) to HtmlUtil.escapeHREF(...) so that it's easier to escape HREF (i.e., escapeHREF should automatically call escapeAttribute). Since href is also an attribute, we can safely make this change.

Issue Links

is related to

LPS-33183 XSS vulnerability on page which type is "Embedded"

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Brian Chan added a comment - 04/Mar/13 9:04 AM

This ticket is required by ~~LPS-33183~~

Show

Brian Chan added a comment - 04/Mar/13 9:04 AM This ticket is required by LPS-33183

Hide

Permalink

Michael Saechang added a comment - 27/Mar/13 9:47 AM

Committed on:
Portal 6.2.x GIT ID: c302c076fcd61309df5939ab37530e0609c60d71.

Show

Michael Saechang added a comment - 27/Mar/13 9:47 AM Committed on: Portal 6.2.x GIT ID: c302c076fcd61309df5939ab37530e0609c60d71.

People

Assignee:

Michael Saechang

Reporter:

Samuel Kong

Participants of an Issue:

Brian Chan, Michael Saechang, Samuel Kong

Vote (0)

Watch (0)

Dates

Created:

03/Mar/13 7:55 PM

Updated:

27/Mar/13 9:48 AM

Resolved:

04/Mar/13 9:04 AM

Days since last comment:

12 weeks ago

Agile

View on Board

~~LPS-4778~~	Layout changing
~~LPS-4848~~	Layout Changing
~~LPS-2552~~	Selenium Tests Button Changes
~~LPS-2151~~	Blogs - Change LAR File