Dmytro Lisnichenko reopened RF-3916:
------------------------------------
a4j:htmlCommandLink doesn't encode its value
--------------------------------------------
Key: RF-3916
URL: https://jira.jboss.org/jira/browse/RF-3916
Project: RichFaces
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: 3.1.2
Reporter: Lars Koedderitzsch
Assignee: Tsikhon Kuprevich
Priority: Critical
Fix For: 3.2.2
a4j:htmlCommandLink doesn't encode its value - which opens a door for malicious
attacks against RichFaces applications, e.g. the injection of scripts.
The bug is also present in 3.2.1.
--
This message is automatically generated by JIRA.