SEC-1377: Improve escaping of characters in username #1620

Closed
spring-issuemaster opened this Issue Jan 21, 2010 · 0 comments


Luke Taylor (Migrated from SEC-1377) said:

The username is cached internally on login, and may be re-rendered by the application. We should improve the encoding of the username, as described in http://www.owasp.org/index.php/How_to_perform_HTML_entity_encoding_in_Java. Note the situation wrt supplementary Unicode character support and the removal of control characters.

@spring-issuemaster spring-issuemaster added this to the 3.0.2 milestone Feb 5, 2016