-
Notifications
You must be signed in to change notification settings - Fork 743
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ComponentUtils.getHrefURL: lack of encoding #3409
Comments
PR: #3410 |
@jasonex7 Your method seems to assume that the |
#3409 - encode parameter keys as well
@cnsgithub I encode only the values of OutcomeTarget.getParams() because the original request had only EL in value attribute, but it's good that param key was also encoded. Thanks for the observation and commit. |
@jasonex7 Ok. However, as getHrefURL is located in ComponentUtils, you have to expect it to be used in other locations as well in future. |
As already mentioned in this commit comment parameter keys are not encoded. This may lead to HTTP parameter pollution.
Fragments are also not encoded.See comment belowThe text was updated successfully, but these errors were encountered: