Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-5182

Prevent XSS issue in component attributes

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 10.0.0
    • Component/s: None
    • Labels:
      None

      Description

      User Story

      Some ZK components handle XSS issues by encoding user input, but not cover all component attributes.

      Acceptance Criteria

      Encoding by default, and use white list.

      Details

        Attachments

          Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. ZK-5161 page directive's attributes are not encoded before rendering into HTML

          • Normal - Normal
          • Open

          Bug - A problem which impairs or prevents the functions of the product. ZK-5162 emptyMessage is not escaped with HTML characters

          • Later - No solution found yet.
          • Open

            Activity

              People

              Assignee:
              DevChu DevChu
              Reporter:
              DevChu DevChu
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: