Uploaded image for project: 'XWiki Commons'
  1. XWiki Commons
  2. XCOMMONS-435

Add a tool to sanitize query string

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Major
    • 5.2-milestone-1
    • 5.1
    • Velocity
    • None
    • Unit

    Description

      Right now, we don't have any tool to sanitize some query string that would be put inserted into an url. As this is needed in many places, we could add the following method to escapetool:

      String url(Map<String, ?>)

      that would create a safe and correctly escaped query String from a map of parameters.
      See the discussion on https://github.com/xwiki/xwiki-platform/pull/134 for more details.

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-9360 URI Based Reflected XSS on XWIKI 4.5.2

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          is duplicated by

          New Feature - A new feature of the product, which has yet to be developed. XCOMMONS-1419 Provide a method to build query strings in Velocity

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              thomas_delafosse Thomas Delafosse
              thomas_delafosse Thomas Delafosse
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: