[SLING-5445] XSSAPI#encodeForJSString is too restrictive - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: XSS Protection API 1.0.6
Fix Version/s: XSS Protection API 1.0.8
Component/s: Extensions
Labels:
None

Description

For the cases when somebody tries to sanitise JSON strings the XSSAPI#encodeForJSString current implementation is too restrictive.

Assuming one would want to sanitize 2016-01-21T15:40:30, the output of the XSSAPI#encodeForJSString would be

2016\-01\-21T15:40:30

which although is a valid String for JavaScript code is not a valid one for JSON.

Attachments

Activity

People

Assignee:: Radu Cotescu

Reporter:: Radu Cotescu

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Jan/16 14:47

Updated:: 02/Feb/16 15:20

Resolved:: 21/Jan/16 17:21