Bookmarks portlet does not escape HTML

Description

The bookmarks portlet doesn't escape any HTML in any field. So I could enter </div</div></div> and really break the layout. See screenshot.

Actually, the affects version is 1.0.10 but it is not in the list above.

Environment

None

Attachments

2

Activity

Steve Swinsburg 
December 20, 2011 at 2:18 AM

Attached a patch to fix this. Also replaced the URL validation with Commons Validator.

It was allowing through anything that started with http:// but ignoring the actual content of the URL.

So http://<b>bookmark</b> was valid. Fixed now.
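The two problems discussed in this issue, shown side by side as an added example (not the attached patch and not the portlet's own code): a prefix-only URL check next to Commons Validator's `UrlValidator`, and HTML escaping applied when a bookmark is rendered. The class name, method names and the hand-written escaper are hypothetical, and `commons-validator` is assumed to be on the classpath.

```java
import org.apache.commons.validator.routines.UrlValidator;

public class BookmarkInputDemo {

    // Weak check as described in the comment above: only the prefix is inspected.
    static boolean prefixOnlyCheck(String url) {
        return url != null && url.startsWith("http://");
    }

    // Stricter check: Commons Validator inspects scheme, authority and path.
    private static final UrlValidator URLS =
            new UrlValidator(new String[] {"http", "https"});

    static boolean strictCheck(String url) {
        return url != null && URLS.isValid(url);
    }

    // Minimal escaper (hypothetical helper) for element content and quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Validate on input, escape on output; returns null when the URL is rejected.
    static String renderBookmark(String name, String url) {
        if (!strictCheck(url)) {
            return null;
        }
        return "<a href=\"" + escapeHtml(url) + "\">" + escapeHtml(name) + "</a>";
    }

    public static void main(String[] args) {
        // Sample inputs: the two strings quoted in this issue plus a constructed URL.
        String markup = "</div</div></div>";
        String badUrl = "http://<b>bookmark</b>";
        String goodUrl = "http://example.org/page";
        System.out.println("prefix-only accepts bad URL: " + prefixOnlyCheck(badUrl));
        System.out.println("strict accepts bad URL:      " + strictCheck(badUrl));
        System.out.println(renderBookmark(markup, goodUrl));
        System.out.println(renderBookmark(markup, badUrl));
    }
}
```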

Created December 19, 2011 at 10:24 PM
Updated October 26, 2015 at 11:54 PM