  1. ZK
  2. ZK-4052

Add a warning in the Javadoc of Clients.showNotification() about unescaped content


    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 8.6.1
    • Component/s: None
    • Security Level: Jimmy
    • Labels:
      None
    • Sprint:
      ZK 8.6.0 S2, ZK 8.6.1 S1

      Description

      According to https://www.zkoss.org/wiki/ZK_Developer%27s_Reference/Security_Tips/Cross-site_scripting#Using_some_of_the_.27Clients.27_utility_methods, this method doesn't encode the string argument on purpose. Just add a warning in the Javadoc to remind the people who call it.

            People

            Assignee: CharlesQiu
            Reporter: hawk
            Votes: 0
            Watchers: 2

                Time Tracking

                Estimated: 1h
                Remaining: 30m
                Logged: 30m