Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12730

Missing HTML-escape in the Syntax help

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: 7.2
    • Fix Version/s: 7.3-milestone-2
    • Component/s: Help
    • Labels:
      None
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      In the Syntax help the href-parameters are not escaped, causing bare &
      in the href attr. (It is only the html-macro that fixes this afterwards via clean="true" ...)

      So this is currently not a problem, but it might create a problem if someone messes with e.g. the $extraParams in the code; better escape it manually.

        Attachments

          Activity

            People

            • Assignee:
              camil7 Clemens Robbenhaar
              Reporter:
              camil7 Clemens Robbenhaar
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: