[QPID-4841] [Java Broker] Ensure all data values returned through the REST API are properly sanitised before displaying in HTML to prevent XSS attacks - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.22, 0.23
Component/s: Broker-J
Labels:
None

Description

To prevent cross site scripting attacks, anywhere where a value which may have been set by a user is displayed through the HTML GUI, we should ensure that the value is properly encoded.

Attachments

Activity

People

Assignee:: Robert Godfrey

Reporter:: Robert Godfrey

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/May/13 20:26

Updated:: 11/Feb/15 20:06

Resolved:: 14/May/13 20:28