  1. camunda BPM
  2. CAM-13877

Improve input sanitization of URL attributes


Details

    • Task
    • Resolution: Unresolved
    • L3 - Default
    • None
    • None
    • webapp
    • None

    Description

      Currently, the information in the URL is treated as safe. This is not best practice.

      Acceptance Criteria (Required on creation):

      • Sanitize all URL components (path and query parameters) before accessing the data

      Hints (Optional):

      Options:

      • Patch the routeProvider and locationProvider to escape dangerous strings on access
        Pro: all access using angular services covered
        Con: access over window.location not covered, patching angular internals might be tricky
      • Create a URL watcher that replaces the URL as changes are made
        Pro: All access is covered
        Con: Might cause a feedback loop with other watchers
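
The second option only avoids the feedback loop if the sanitizer is idempotent and the watcher writes the URL back only when it actually changed. The following is an added example, not Camunda code: `sanitizeUrl`, `makeUrlWatcher`, the `getUrl`/`replaceUrl` hooks and the blocked-character set are assumptions for illustration, and it covers path and query parameters only, not the fragment.

```javascript
// Added example. The blocked-character set is an assumption, not from the ticket.
const BLOCKED = /[<>"'`]/g;

// Decode one path segment, drop blocked characters, re-encode.
// Dropping keeps the function idempotent; HTML entity-escaping would not be,
// because "&lt;" becomes "&amp;lt;" when the output is sanitized again.
function clean(component) {
  let text;
  try {
    text = decodeURIComponent(component);
  } catch (e) {
    text = component; // malformed percent-escape: keep it as literal text
  }
  return encodeURIComponent(text.replace(BLOCKED, ''));
}

// Sanitize the path and the query parameters; the fragment is not processed.
function sanitizeUrl(href) {
  const url = new URL(href);
  url.pathname = url.pathname.split('/').map(clean).join('/');
  const pairs = [...url.searchParams].map(
    ([key, value]) => [key.replace(BLOCKED, ''), value.replace(BLOCKED, '')]
  );
  url.search = new URLSearchParams(pairs).toString();
  return url.href;
}

// URL watcher: getUrl/replaceUrl are hypothetical hooks, for instance
// wrappers around location.href and history.replaceState in a browser.
function makeUrlWatcher(getUrl, replaceUrl) {
  return function onUrlChange() {
    const current = getUrl();
    const safe = sanitizeUrl(current);
    if (safe === current) return false; // already clean: no write, no loop
    replaceUrl(safe);
    return true;
  };
}

// Constructed sample input.
const sample = 'https://example.test/app/%3Cb%3Etasks/list?name=%3Cimg%20src%3Dx%3E&sort=asc';
console.log(sanitizeUrl(sample));
```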


              People

                Unassigned Unassigned
                martin.stamm Martin Stamm