Nick Belaevski updated RF-3916:
-------------------------------
Fix Version/s: 3.1.x, 3.2.2
Assignee: Anton Belevich
Priority: Critical (was: Blocker)
a4j:htmlCommandLink doesn't encode its value
--------------------------------------------
Key: RF-3916
URL: https://jira.jboss.org/jira/browse/RF-3916
Project: RichFaces
Issue Type: Bug
Affects Versions: 3.1.2
Reporter: Lars Koedderitzsch
Assignee: Anton Belevich
Priority: Critical
Fix For: 3.1.x, 3.2.2
a4j:htmlCommandLink doesn't encode its value - which opens a door for malicious
attacks against RichFaces applications, e.g. the injection of scripts.
The bug is also present in 3.2.1.