Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Normal
Fix Version/s: 10.0.0
Affects Version/s: None
Component/s: None
Labels:
None

User Story

Some ZK components handle XSS issues by encoding user input, but not cover all component attributes.

Acceptance Criteria

Encoding by default, and use white list.

Details

relates to

ZK-5161 page directive's attributes are not encoded before rendering into HTML

Closed

ZK-5162 emptyMessage is not escaped with HTML characters

Closed

ZK-5260 chosenbox options don't escape HTML characters

Closed

Assignee:: jumperchen

Reporter:: DevChu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 17/Jun/22 1:48 AM

Updated:: 29/Dec/23 9:23 AM

Resolved:: 29/Dec/23 9:22 AM