Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12730

Missing HTML-escape in the Syntax help

          Details

          • Type: Improvement
          • Status: Closed
          • Priority: Trivial
          • Resolution: Fixed
          • Affects Version/s: 7.2
          • Fix Version/s: 7.3-milestone-2
          • Component/s: Help
          • Labels:
            None
          • Difficulty:
            Unknown
          • Documentation:
            N/A
          • Documentation in Release Notes:
            N/A
          • Similar issues:

            Description

            In the Syntax help the href-parameters are not escaped, causing bare &
            in the href attr. (It is only the html-macro that fixes this afterwards via clean="true" ...)

            So this is currently not a problem, but it might create a problem if someone messes with e.g. the $extraParams in the code; better escape it manually.

              Attachments

                Activity

                  People

                  • Assignee:
                    camil7 Clemens Robbenhaar
                    Reporter:
                    camil7 Clemens Robbenhaar
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: