Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 2.5 M1
Affects Version/s: 2.3.2, 2.4
Component/s: Web - Templates & Resources
Labels:
None

keywords:
security, xss
Tests:

Integration
Difficulty:
Trivial
Similar issues:

Description

Escaping test result:

org.xwiki.escaping.framework.EscapingError: Escaping test failed.
* Parameter: "xcontinue"
  Tested file: templates/previewactions.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&xcontinue=aaa%22bbb%27ccc%3Eddd%3Ceee&vm=previewactions.vm&xpage=xpart&language=en
  List of validation errors:
    line    1  column  34  FATAL: Unescaped apostrophe character
    line    1  column  30  FATAL: Unescaped quote character
    line    5  column  83  FATAL: Unescaped apostrophe character
* Parameter: "xeditaction"
  Tested file: templates/previewactions.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=previewactions.vm&xeditaction=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en
  List of validation errors:
    line    4  column  85  FATAL: Unescaped apostrophe character
    line    8  column  95  FATAL: Unescaped apostrophe character
    line    8  column  91  FATAL: Unescaped quote character
* Parameter: "editor"
  Tested file: templates/previewactions.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=previewactions.vm&xpage=xpart&editor=aaa%22bbb%27ccc%3Eddd%3Ceee&language=en
  List of validation errors:
    line    6  column  80  FATAL: Unescaped apostrophe character

Attachments

Activity

People

Assignee:: Alex Busenius

Reporter:: Alex Busenius

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 13/Aug/10 14:38

Updated:: 02/Dec/22 10:54

Resolved:: 18/Aug/10 14:11