Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://github.com/pmd/pmd/issues/1468 below:

[doc] Missing escaping leads to XSS · Issue #1468 · pmd/pmd · GitHub

Description:
As pointed out in #1464

The documentation is however generated, so we have to fix the generator.
So, it's changed back already: fda3aa1

The generator produces out of jsp security.xml this markdown representation:

https://raw.githubusercontent.com/pmd/pmd/master/docs/pages/pmd/rules/jsp/security.md

Scroll down to the rule "NoUnsanitizedJSPExpression" - the description contains the html tag, while in XML, we were using escapes.

Tasks:

• Unit test in pmd-doc to reproduce the problem and avoid it from appearing again
• Fix the problem
• Push to master and let pmd-bot regenerate the new files

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4