Context Navigation

← Previous Ticket
Next Ticket →

#10129 closed defect (fixed)

Grid not properly escaping ampersands

Reported by:	Nathan Toone	Owned by:	Nathan Toone
Priority:	high	Milestone:	1.4
Component:	DojoX Grid	Version:	1.4.0b
Keywords:		Cc:
Blocked By:		Blocking:

Description

The grid properly prevents HTML injection by replacing "<" with "<" - however, it does not properly replace "&" with "&" - meaning data value of "<>" will show up in the grid as "<>" (incorrectly, when escaping is turned on).

Not a blocker, as this is not a regression, nor a security risk...however, it is easy to fix, and should be fixed.

Change History (1)

comment:1 Changed 10 years ago by Nathan Toone

Resolution:	→ fixed
Status:	new → closed

(In [20594]) Fixes #10129 - make sure that we replace ampersands (before we replace the less than) when writing out the value !strict

Note: See TracTickets for help on using tickets.

Download in other formats:

Comma-delimited Text
Tab-delimited Text
RSS Feed