[SLING-9019] The XSSFilter will mark URLs containing both escaped characters and HTML entities as invalid - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: XSS Protection API 2.0.4
Fix Version/s: XSS Protection API 2.2.0
Component/s: XSS Protection API
Labels:
None

Description

A URL similar to http://localhost/?q=a+b&r=1 will be marked as invalid by the XSSFilterImpl implementation. However, the URL provided is valid and should not be filtered.

Attachments

Activity

People

Assignee:: Radu Cotescu

Reporter:: Radu Cotescu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Jan/20 14:51

Updated:: 27/Jan/20 13:16

Resolved:: 22/Jan/20 15:18