[FLUID-4050] Renderer does not escape UIBound values correctly (esp character " - double quote) - Fluid Project Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3
Fix Version/s: 1.3.1
Component/s: Renderer
Labels:
None

Description

UIBound values output by the renderer are not XMLEncoded properly. In most cases the browser can "auto-repair" the attribute value but for the case of double quote " it can only assume that the attribute value has terminated. This is a serious data integrity risk.

Attachments

Activity

People

Assignee:: Michelle D'Souza

Reporter:: Antranig Basman

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 02/Feb/11 11:44 PM

Updated:: 04/Feb/11 5:27 PM

Resolved:: 04/Feb/11 9:07 AM