Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12730

Missing HTML-escape in the Syntax help

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: 7.2
    • Fix Version/s: 7.3-milestone-2
    • Component/s: Help
    • Labels:
      None
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      In the Syntax help the href-parameters are not escaped, causing bare &
      in the href attr. (It is only the html-macro that fixes this afterwards via clean="true" ...)

      So this is currently not a problem, but it might create a problem if someone messes with e.g. the $extraParams in the code; better escape it manually.

        Attachments

          Activity

            People

            Assignee:
            camil7 Clemens Robbenhaar
            Reporter:
            camil7 Clemens Robbenhaar
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: