-
Type: Bug
-
Status: Resolved
-
Priority: Minor
-
Resolution: Fixed
-
Affects Version/s: 5.4.2
-
Fix Version/s: 5.4.2-HF26, 5.5.0-HF12, 5.6-RC2, 5.7.1
-
Component/s: Dashboard / OpenSocial (deprecated)
It's possible to use some fields (title, comment) in opensocial gadgets to insert malicious code.
Escape strings in those gadgets to prevent this usage.
- is required by
-
NXP-10034 Paging broken in opensocial widgets by document with null fields
- Resolved