add a warning in javadoc of Clients.showNotification() about not escaped content

XMLWordPrintable

    • Type: New Feature
    • Resolution: Done
    • Priority: Normal
    • 8.6.1
    • Affects Version/s: None
    • Component/s: None
    • Security Level: Jimmy
    • None
    • ZK 8.6.0 S2, ZK 8.6.1 S1
    • None

      According to https://www.zkoss.org/wiki/ZK_Developer%27s_Reference/Security_Tips/Cross-site_scripting#Using_some_of_the_.27Clients.27_utility_methods, this method doesn't encode the string argument on purpose. Just add a warning in JavaDoc to remind the people who call it.

            Assignee:
            CharlesQiu
            Reporter:
            hawk
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 1 hour
                1h
                Remaining:
                Time Spent - 30 minutes Remaining Estimate - 30 minutes
                30m
                Logged:
                Time Spent - 30 minutes Remaining Estimate - 30 minutes
                30m