Custom Query (73 matches)
Results (34 - 36 of 73)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#44 | fixed | Check for and correct to ${X.encodeAsHtml()} where required. | ||
Description |
Anywhere that user input is displayed in a page, there is the opportunity for HTML (or worse, JavaScript?) injection. Using ${X} directly renders the text, so a user input of "<td>nice</td>" would change the layout of the page. Find and correct all cases to ${X.encodeAsHtml()}. |
|||
#47 | fixed | Filterpane bug when selecting an operator but not inputting a value for ID and Integer attributes | ||
Description |
See bug in Grails plugin filterpane: http://jira.codehaus.org/browse/GRAILSPLUGINS-1717. This upstream bug report has been closed and is due for inclusion in filterpane-0.6.5, which has not been released yet. Contributed a further improvement (grails plugin rev 59495) so that user input parsing is done in a type-safe way. This is now fixed in grails-filterpane-0.6.6-SNAPSHOT. Fixed at r361 by upgrading plugin to the newly released 0.6.6-SNAPSHOT. |
|||
#49 | fixed | Budget status for Tasks | ||
Description |
|