SEC-1377: Improve escaping of characters in username #1620

spring-issuemaster opened this Issue Jan 21, 2010 · 0 comments



Luke Taylor (Migrated from SEC-1377) said:

The username is cached internally on login, and may be re-rendered by the application. We should improve the encoding of the username, as described in http://www.owasp.org/index.php/How_to_perform_HTML_entity_encoding_in_Java. Note the situation wrt supplementary Unicode character support and the removal of control characters.

@spring-issuemaster spring-issuemaster added this to the 3.0.2 milestone Feb 5, 2016
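
A sketch of the kind of encoding the issue describes, added here as an illustration; it is not Spring Security's code and not the sample from the linked OWASP page. The class name `UsernameHtmlEncoder`, its `encode` method and the sample usernames are hypothetical, and the policy (pass ASCII letters and digits, drop non-whitespace control characters and unpaired surrogates, emit everything else as an entity) is an assumption.

```java
// Added example: UsernameHtmlEncoder is a hypothetical helper, not Spring Security code.
public final class UsernameHtmlEncoder {
    /** Encodes a username for an HTML text or quoted-attribute context. */
    public static String encode(String username) {
        if (username == null) return null;
        StringBuilder out = new StringBuilder(username.length() + 16);
        // Iterate by code point so a surrogate pair is treated as one character.
        for (int i = 0; i < username.length(); ) {
            int cp = username.codePointAt(i);
            i += Character.charCount(cp);
            if (cp >= Character.MIN_SURROGATE && cp <= Character.MAX_SURROGATE) {
                continue; // unpaired surrogate: not a valid character, drop it
            }
            if (Character.isISOControl(cp) && !Character.isWhitespace(cp)) {
                continue; // remove non-whitespace control characters (NUL, ESC, DEL, ...)
            }
            switch (cp) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default:
                    if (cp < 0x80 && Character.isLetterOrDigit(cp)) {
                        out.append((char) cp); // plain ASCII letter or digit
                    } else {
                        // Anything else, supplementary characters included: decimal reference.
                        out.append("&#").append(cp).append(';');
                    }
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample usernames, written with escapes so the source stays ASCII.
        String[] samples = {
            "alice<b>&\"x\"",           // markup metacharacters
            "bob\u0000\u001b[31m",      // NUL and ESC control characters
            "carol\uD83D\uDE00",        // supplementary character U+1F600
            "dave\uD83D"                // unpaired high surrogate
        };
        for (String s : samples) {
            System.out.println(encode(s));
        }
    }
}
```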
