Loading...

XML

Word

Printable

Details

Type: Improvement
Resolution: Fixed
Priority: Major
Fix Version/s: 14.10.5, 15.1-rc-1
Affects Version/s: 14.10.3
Component/s: Web - Templates & Resources
Labels:
None

Tests:

Integration
Difficulty:
Unknown
Documentation:
https://extensions.xwiki.org/xwiki/bin/view/Extension/Velocity%20Macro/Macros/getSanitizedURLAttributeValue/
Documentation in Release Notes:
https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/15.1RC1/Entry007/
Similar issues:

Description

Now that we provided script services for sanitizing html elements and for checking URLs, I'd like to provide a dedicated velocity macro for helping ensuring the URLs are safe in templates.

Attachments

Issue Links

blocks

XWIKI-20341 RXSS in Delete Template via redirect parameter

Closed

XWIKI-20352 RXSS via xredirect parameter in restore template

Closed

XWIKI-20612 RXSS via xredirect parameter in deletespace template

Closed

XWIKI-20614 RXSS via xredirect paramer in DeleteApplication

Closed

depends on

XCOMMONS-2607 Add a script service for HtmlElementSanitizer

Closed

XWIKI-20549 Provide a new script service API to check trustfulness of an URI

Closed

(1 depends on)

Activity

People

Assignee:: Simon Urli

Reporter:: Simon Urli

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 27/Jan/23 10:16

Updated:: 20/Feb/23 11:07

Resolved:: 02/Feb/23 14:35