Qpid / QPID-4841

[Java Broker] Ensure all data values returned through the REST API are properly sanitised before displaying in HTML to prevent XSS attacks

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22, 0.23
    • Component/s: Java Broker
    • Labels:
      None

      Description

      To prevent cross-site scripting attacks, anywhere a value which may have been set by a user is displayed through the HTML GUI, we should ensure that the value is properly encoded.

        Activity

        Rob Godfrey added a comment -

        Committed revision 1482562.


          People

          • Assignee: Rob Godfrey
          • Reporter: Rob Godfrey
          • Votes: 0
          • Watchers: 1
