Opened 10 years ago
Closed 10 years ago
#10129 closed defect (fixed)
Grid not properly escaping ampersands
| Reported by: | Nathan Toone | Owned by: | Nathan Toone |
|---|---|---|---|
| Priority: | high | Milestone: | 1.4 |
| Component: | DojoX Grid | Version: | 1.4.0b |
| Keywords: | | Cc: | |
| Blocked By: | | Blocking: | |
Description
The grid properly prevents HTML injection by replacing "<" with "&lt;" - however, it does not properly replace "&" with "&amp;" - meaning data value of "&lt;&gt;" will show up in the grid as "<>" (incorrectly, when escaping is turned on).
Not a blocker, as this is not a regression, nor a security risk...however, it is easy to fix, and should be fixed.
(In [20594]) Fixes #10129 - make sure that we replace ampersands (before we replace the less than) when writing out the value !strict
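The escaping order described in the changeset comment above, as an added example (not the DojoX Grid source; the function names and sample cell values are constructed for illustration). It compares escaping only "<", escaping "&" and then "<", and the reversed order, and decodes each result with a minimal stand-in for how a browser displays text content.

```javascript
// Added illustration; function names are hypothetical, not DojoX Grid's API.

// Behaviour described in the ticket: only "<" is escaped.
function escapeLtOnly(value) {
  return String(value).replace(/</g, "&lt;");
}

// Order described in the changeset: ampersands first, then "<".
function escapeAmpThenLt(value) {
  return String(value).replace(/&/g, "&amp;").replace(/</g, "&lt;");
}

// Reversed order, for contrast: the "&" introduced by "&lt;" is escaped again.
function escapeLtThenAmp(value) {
  return String(value).replace(/</g, "&lt;").replace(/&/g, "&amp;");
}

// Minimal single-pass stand-in for HTML entity decoding of text content
// (handles only the three entities used in this example).
function renderText(html) {
  const entities = { "&lt;": "<", "&gt;": ">", "&amp;": "&" };
  return html.replace(/&(?:lt|gt|amp);/g, (m) => entities[m]);
}

// Constructed sample cell values.
const samples = ["&lt;&gt;", "a < b", "AT&T", "<b>x</b>"];

// For each sample: the markup written out and the text a user would see.
function roundTrip(escapeFn) {
  return samples.map((value) => {
    const markup = escapeFn(value);
    return { value, markup, shown: renderText(markup) };
  });
}

const variants = { escapeLtOnly, escapeAmpThenLt, escapeLtThenAmp };
for (const [name, fn] of Object.entries(variants)) {
  console.log(name);
  for (const r of roundTrip(fn)) {
    const ok = r.shown === r.value ? "ok" : "MISMATCH";
    console.log(`  ${JSON.stringify(r.value)} -> ${JSON.stringify(r.markup)} -> ${JSON.stringify(r.shown)} ${ok}`);
  }
}
```

Only the ampersand-first order displays every sample exactly as stored; the other two each change at least one value on the way to the screen.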