qpid-dev mailing list archives

From "Lorenz Quack (JIRA)" <j...@apache.org>
Subject [jira] [Created] (QPID-7141) [Java Broker] Make sure all data in the ApiDocs are correctly encoded
Date Mon, 14 Mar 2016 15:54:33 GMT
Lorenz Quack created QPID-7141:
----------------------------------

             Summary: [Java Broker] Make sure all data in the ApiDocs are correctly encoded
                 Key: QPID-7141
                 URL: https://issues.apache.org/jira/browse/QPID-7141
             Project: Qpid
          Issue Type: Bug
          Components: Java Broker
            Reporter: Lorenz Quack


The content of the /apidocs HTML page is derived from the broker, which is not aware of HTML semantics.
We have to make sure the strings coming from the broker are correctly encoded before putting them in the HTML DOM.

OWASP has some information about correct escaping/encoding for different scenarios: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
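
An added example, not part of the original message and not Qpid's code: context-specific output encoding of broker-supplied strings before they are placed in markup, following the HTML-content and attribute-value rules of the OWASP cheat sheet linked above. The function names, the `data-attr` attribute and the sample records are assumptions made for illustration.

```javascript
// Added example; the field names and sample records are constructed.

// HTML element content: encode the five characters significant to the parser.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Quoted attribute value: encode everything except ASCII alphanumerics as
// &#xHH; so the value cannot close the quote or start a new attribute.
function escapeAttr(value) {
  return Array.from(String(value), (ch) =>
    /^[A-Za-z0-9]$/.test(ch) ? ch : "&#x" + ch.codePointAt(0).toString(16).toUpperCase() + ";"
  ).join("");
}

// Before: broker strings are concatenated into markup as-is, so "<", ">"
// and quotes in them are interpreted by the HTML parser.
function renderRowUnsafe(attr) {
  return '<tr data-attr="' + attr.name + '"><td>' + attr.name + "</td><td>" +
    attr.description + "</td></tr>";
}

// After: each string is encoded for the context it lands in.
function renderRow(attr) {
  return '<tr data-attr="' + escapeAttr(attr.name) + '"><td>' + escapeHtml(attr.name) +
    "</td><td>" + escapeHtml(attr.description) + "</td></tr>";
}

// Constructed metadata of the kind a broker could supply: generic type
// names and quoted text are legitimate values that still break raw HTML.
const sampleAttrs = [
  { name: "context", description: "Map<String,String> of variables & defaults" },
  { name: 'ctx "a"', description: "Use <b>sparingly</b>" },
];

for (const attr of sampleAttrs) {
  console.log("unsafe:", renderRowUnsafe(attr));
  console.log("safe:  ", renderRow(attr));
}
```

When the page is built with DOM calls rather than string concatenation, assigning `textContent` and calling `setAttribute` place the value as data and make the manual encoding unnecessary.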

