ZK-4052

add a warning in javadoc of Clients.showNotification() about not escaped content


    • New Feature
    • Resolution: Done
    • Normal
    • 8.6.1
    • None
    • None
    • Security Level: Jimmy
    • None
    • ZK 8.6.0 S2, ZK 8.6.1 S1

      According to https://www.zkoss.org/wiki/ZK_Developer%27s_Reference/Security_Tips/Cross-site_scripting#Using_some_of_the_.27Clients.27_utility_methods, this method doesn't encode the string argument on purpose. Just add a warning in JavaDoc to remind the people who call it.

            CharlesQiu
            hawk

                Original Estimate: 1 hour
                Time Spent: 30 minutes
                Remaining Estimate: 30 minutes
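What the requested Javadoc warning means for calling code, as an added example that is not part of the issue or of the ZK code base: because `Clients.showNotification()` does not encode its string argument, the caller encodes any untrusted part first. The composer class and the component ids `nameBox`, `unsafeBtn` and `safeBtn` are hypothetical, and the use of ZK's `XMLs.encodeText()` as the encoder is this example's choice.

```java
import org.zkoss.xml.XMLs;
import org.zkoss.zk.ui.Component;
import org.zkoss.zk.ui.select.SelectorComposer;
import org.zkoss.zk.ui.select.annotation.Listen;
import org.zkoss.zk.ui.select.annotation.Wire;
import org.zkoss.zk.ui.util.Clients;
import org.zkoss.zul.Textbox;

// Hypothetical composer: the ids "nameBox", "unsafeBtn" and "safeBtn" are
// assumed to exist in the ZUL page this composer is applied to.
public class GreetingComposer extends SelectorComposer<Component> {
    private static final long serialVersionUID = 1L;

    @Wire("#nameBox")
    private Textbox nameBox;

    // Before: the user-controlled value reaches the notification unencoded,
    // so any markup typed into the textbox is interpreted by the browser.
    @Listen("onClick = #unsafeBtn")
    public void greetUnsafe() {
        Clients.showNotification("Hello, " + nameBox.getValue());
    }

    // After: only the untrusted part is encoded; markup written by the
    // developer (the <b> element) stays under the developer's control.
    @Listen("onClick = #safeBtn")
    public void greetSafe() {
        String name = XMLs.encodeText(nameBox.getValue());
        Clients.showNotification("Hello, <b>" + name + "</b>");
    }
}
```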