Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-22659

Web Content - special characters in Display Page name are not properly escaped

    Details

      Description

      1. add page
      2. as a title and HTML title of that page enter:
        <a href="http://www.eo.pl">eo</a>
        
      3. save
      4. add asset publisher to that page and configure it as a default display for that page
      5. add new Web Content
      6. in Display Page section choose your site
        Effect: in blue marker special characters in a name of that page are not escaped. That could lead to security issue (HTML injection and possible JS injection)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              michael.saechang Michael Saechang
              Reporter:
              szymon.golebiewski Szymon Golebiewski (Inactive)
              Participants of an Issue:
              Recent user:
              Marta Elicegui
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                9 years, 35 weeks, 5 days ago

                  Packages

                  Version Package
                  6.1.0 CE RC1
                  --Sprint 11/12
                  6.2.0 CE M2