MNT-22612 commit introduced a bug, where a document-details button link in the shared page is invalid - "example.com/share/s/Encode.forHtmlAttribute(/share/page/quickshare-redirect?id=XXX)"
Proposed change in the share/src/main/resources/alfresco/site-webscripts/org/alfresco/components/quickshare/header.get.html.ftl line 32: <a href="${linkButton.href?xhtml}" class="brand-button ${linkButton.cssClass!""}" tabindex="0">${linkButton.label?xhtml}</a>
I guess @rrajoria tried to use OWASP Encode utility but it is not available on the Freemarker's side. Such an expression should also be inside Freemarker's expression ${}. Anyway, ?xhtml should be enough to protect against XSS.
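A template check for the failure described in this issue, added here as an example and not part of the original report or of the Alfresco code base: it reports Java-style `Encode.for...(` calls that sit outside a `${...}` interpolation, where FreeMarker emits them as literal text. The function names and the first line of the sample (an assumed form of the broken markup) are constructed for illustration.

```python
import re

# Java-style OWASP Encoder call such as Encode.forHtmlAttribute(
ENCODER_CALL = re.compile(r"\bEncode\.for[A-Z]\w*\s*\(")


def _interpolation_end(src, i):
    """Return the index just past the '}' that closes an interpolation body."""
    depth, quote = 1, None
    while i < len(src):
        c = src[i]
        if quote:
            if c == "\\":
                i += 1              # skip the escaped character in a string literal
            elif c == quote:
                quote = None
        elif c in "\"'":
            quote = c
        elif c == "{":
            depth += 1
        elif c == "}":
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    return len(src)                 # unterminated interpolation: mask to the end


def mask_interpolations(src):
    """Blank out every ${...} span, keeping offsets and line breaks intact."""
    out, i = list(src), 0
    while (i := src.find("${", i)) != -1:
        end = _interpolation_end(src, i + 2)
        out[i:end] = ["\n" if ch == "\n" else " " for ch in src[i:end]]
        i = end
    return "".join(out)


def find_literal_encoder_calls(src):
    """Return (line, text) for encoder calls the template would print verbatim."""
    masked = mask_interpolations(src)
    return [(masked.count("\n", 0, m.start()) + 1, m.group(0))
            for m in ENCODER_CALL.finditer(masked)]


# Constructed sample: line 1 is an assumed broken form, line 2 is the proposed fix.
SAMPLE = '''<a href="Encode.forHtmlAttribute(${linkButton.href})" class="brand-button">x</a>
<a href="${linkButton.href?xhtml}" class="brand-button ${linkButton.cssClass!""}" tabindex="0">${linkButton.label?xhtml}</a>
'''
```

Running `find_literal_encoder_calls` over each `.ftl` file in a build step flags only the first sample line; the proposed line with `?xhtml` passes.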