Make html-escaping inside embed macro required #8657

rymsha · 2021-02-17T10:33:01Z

Use of embed macro without encoded html inside is needless - one who can insert unencoded version into macro could instead insert iframe without macro alltogether.

rymsha self-assigned this Feb 17, 2021

rymsha added the Improvement label Feb 17, 2021

rymsha added this to To do in 7.7.0 via automation Feb 17, 2021

rymsha moved this from To do to In progress in 7.7.0 Feb 17, 2021

rymsha changed the title ~~Make html-encoding inside embed macro required~~ Make html-escaping inside embed macro required Feb 17, 2021

rymsha added a commit that referenced this issue Feb 17, 2021

Make html-escaping inside embed macro required #8657

e9bef23

rymsha added a commit that referenced this issue Feb 17, 2021

Make html-escaping inside embed macro required #8657

60ae45f

rymsha added a commit that referenced this issue Feb 17, 2021

Make html-escaping inside embed macro required #8657

1dc0910

rymsha moved this from In progress to Done in 7.7.0 Feb 18, 2021

rymsha added a commit that referenced this issue Feb 19, 2021

Make html-escaping inside embed macro required #8657

85815df

alansemenov closed this as completed Mar 2, 2021

rymsha added this to the 7.7.0 milestone Apr 8, 2021

rymsha mentioned this issue May 11, 2021

Breaking changes enonic/doc-xp#266

Closed

rymsha added the Security Fix for something unsafe label May 12, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make html-escaping inside embed macro required #8657

Make html-escaping inside embed macro required #8657

rymsha commented Feb 17, 2021

Make html-escaping inside embed macro required #8657

Make html-escaping inside embed macro required #8657

Comments

rymsha commented Feb 17, 2021