Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-5182

Prevent XSS issue in component attributes

    XMLWordPrintable

Details

    • New Feature
    • Resolution: Unresolved
    • Normal
    • 10.0.0
    • None
    • None
    • None

    Description

      User Story

      Some ZK components handle XSS issues by encoding user input, but not cover all component attributes.

      Acceptance Criteria

      Encoding by default, and use white list.

      Details

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. ZK-5161 page directive's attributes are not encoded before rendering into HTML

          • Normal - Normal
          • Open

          Bug - A problem which impairs or prevents the functions of the product. ZK-5162 emptyMessage is not escaped with HTML characters

          • Later - No solution found yet.
          • Open

          Activity

            People

              DevChu DevChu
              DevChu DevChu
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: