Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- XSS Protection API 2.0.8
- None
Description
The following URLs, when passed to org.apache.sling.xss.XSSAPI#getValidHref, get double encoded:
- /content/page with spaces/jcr:content
- /content/page%20with%20spaces/jcr:content
The bug seems to be in the org.apache.sling.xss.impl.XSSAPIImpl#mangleNamespaces method.
Issue Links
- is caused by SLING-7741 org.apache.sling.xss.impl.XSSAPIImpl#getValidHref doesn't correctly handle the ":" character in URL fragments (Closed)