  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-22659

Web Content - special characters in Display Page name are not properly escaped

Details

    Description

      1. Add a page.
      2. As the title and HTML title of that page, enter:
        <a href="http://www.eo.pl">eo</a>

      3. Save.
      4. Add an Asset Publisher to that page and configure it as the default display for that page.
      5. Add new Web Content.
      6. In the Display Page section, choose your site.

      Effect: in the blue marker, special characters in the name of that page are not escaped. That could lead to a security issue (HTML injection and possible JS injection).

            People

              michael.saechang Michael Saechang
              szymon.golebiewski Szymon Golebiewski (Inactive)
              Kiyoshi Lee Kiyoshi Lee

              Dates

                Created:
                Updated:
                Resolved:
                10 years, 28 weeks, 5 days ago

                Packages

                  Version Package
                  6.1.0 CE RC1
                  --Sprint 11/12
                  6.2.0 CE M2