Skip to content

Apply HTML escaping to timestamp attribute in Whitelabel error page#50205

Merged
snicoll merged 2 commits intospring-projects:3.5.xfrom
kwondh5217:fix/whitelabel-timestamp-html-escaping
Apr 25, 2026
Merged

Apply HTML escaping to timestamp attribute in Whitelabel error page#50205
snicoll merged 2 commits intospring-projects:3.5.xfrom
kwondh5217:fix/whitelabel-timestamp-html-escaping

Conversation

@kwondh5217
Copy link
Copy Markdown
Contributor

@kwondh5217 kwondh5217 commented Apr 24, 2026

Apply htmlEscape() to the timestamp attribute.

Closes gh-50203

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Apr 24, 2026
@wilkinsona wilkinsona mentioned this pull request Apr 24, 2026
Closed
@wilkinsona wilkinsona removed the status: waiting-for-triage An issue we've not yet triaged label Apr 24, 2026
@wilkinsona wilkinsona added this to the 3.5.x milestone Apr 24, 2026
@wilkinsona wilkinsona added the type: bug A general bug label Apr 24, 2026
@wilkinsona wilkinsona changed the base branch from main to 3.5.x April 24, 2026 14:36
@wilkinsona wilkinsona force-pushed the fix/whitelabel-timestamp-html-escaping branch from 7eb8b36 to 78dfd57 Compare April 24, 2026 14:37
@wilkinsona
Copy link
Copy Markdown
Member

wilkinsona commented Apr 24, 2026

Thanks for the PR, @kwondh5217.

Could you please make similar changes for WebFlux? I think both timestamp and requestId should be escaped there.

Also, please be aware that I've updated the PR's base branch to be 3.5.x as that's the earliest version to which the fix will be applied.

@wilkinsona wilkinsona added the status: waiting-for-feedback We need additional information before we can continue label Apr 24, 2026
@wilkinsona wilkinsona force-pushed the fix/whitelabel-timestamp-html-escaping branch from 78dfd57 to 31aadbb Compare April 24, 2026 15:06
@wilkinsona wilkinsona changed the base branch from 3.5.x to main April 24, 2026 15:06
@wilkinsona
Copy link
Copy Markdown
Member

wilkinsona commented Apr 24, 2026

Also, please be aware that I've updated the PR's base branch to be 3.5.x as that's the earliest version to which the fix will be applied.

Please ignore this. I've restored the base branch back to main. Let's get all the changes in place before switching things onto 3.5.x.

@kwondh5217 kwondh5217 force-pushed the fix/whitelabel-timestamp-html-escaping branch from 31aadbb to f37ef4d Compare April 24, 2026 15:12
@kwondh5217
Copy link
Copy Markdown
Contributor Author

kwondh5217 commented Apr 24, 2026

Done. Applied htmlEscape() to both timestamp and requestId in AbstractErrorWebExceptionHandler. Also changed the type of timestamp from Date to Object to be consistent with the WebMVC
implementation and to avoid a ClassCastException if a custom ErrorAttributes sets it to a non-Date value. Please take another look !

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Apr 24, 2026
@snicoll snicoll self-assigned this Apr 25, 2026
@snicoll snicoll force-pushed the fix/whitelabel-timestamp-html-escaping branch from c839956 to b1ffa65 Compare April 25, 2026 08:32
@snicoll snicoll changed the base branch from main to 3.5.x April 25, 2026 08:32
@snicoll snicoll removed the status: feedback-provided Feedback has been provided label Apr 25, 2026
@snicoll snicoll mentioned this pull request Apr 25, 2026
Closed
@snicoll snicoll merged commit 466e11b into spring-projects:3.5.x Apr 25, 2026
1 check failed
@snicoll snicoll modified the milestones: 3.5.x, 3.5.15 Apr 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@snicoll snicoll

Labels

type: bug A general bug

Projects

None yet

Milestone

3.5.15

Development

Successfully merging this pull request may close these issues.

Whitelabel error page does not apply HTML escaping to timestamp attribute

4 participants

@kwondh5217 @wilkinsona @snicoll @spring-projects-issues