[richfaces-issues] [JBoss JIRA] Resolved: (RF-3916) a4j:htmlCommandLink doesn't encode its value

Wednesday, 16 July 2008



     [
https://jira.jboss.org/jira/browse/RF-3916?page=com.atlassian.jira.plugin...
]

Anton Belevich resolved RF-3916.
--------------------------------

    Fix Version/s:     (was: 3.1.x)
       Resolution: Done


...
 a4j:htmlCommandLink doesn't encode its value
 --------------------------------------------

                 Key: RF-3916
                 URL: https://jira.jboss.org/jira/browse/RF-3916
             Project: RichFaces
          Issue Type: Bug
    Affects Versions: 3.1.2
            Reporter: Lars Koedderitzsch
            Assignee: Anton Belevich
            Priority: Critical
             Fix For: 3.2.2


 a4j:htmlCommandLink doesn't encode its value - which opens a door for malicious
attacks against RichFaces applications, e.g. the injection of scripts.
 The bug is also present in 3.2.1. 
-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

[richfaces-issues] [JBoss JIRA] Resolved: (RF-3916) a4j:htmlCommandLink doesn't encode its value