  1. camunda BPM
  2. CAM-13877

Improve input sanitization of URL attributes


    • Task
    • Resolution: Unresolved
    • L3 - Default
    • webapp

      Currently, the information in the URL is treated as safe. This is not best practice.

      Acceptance Criteria (Required on creation):

      • Sanitize all URL components (path and query parameters) before accessing the data

      Hints (Optional):

      Options:

      • Patch the routeProvider and locationProvider to escape dangerous strings on access
        Pro: all access using angular services covered
        Con: access over window.location not covered, patching angular internals might be tricky
      • Create a URL watcher that replaces the URL as changes are made
        Pro: All access is covered
        Con: Might cause a feedback loop with other watchers
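
One way to implement the URL-watcher option above, added here as an illustration and not Camunda's code: the function names, the stripped character set and the sample URL are assumptions. The sanitizer is idempotent, so the watcher step returns null for an already-clean URL and cannot re-trigger itself.

```javascript
// Added example, not Camunda code; every name below is hypothetical.
// Removed from each decoded component: C0 controls, DEL and the characters
// that can break out of HTML text or attribute contexts (an assumed set).
const UNSAFE = /[\u0000-\u001f\u007f<>"'`]/g;

function strip(text) {
  return text.replace(UNSAFE, '');
}

// decodeURIComponent throws on a malformed escape such as "%E0%A4%A".
// Keep the text but drop every '%' so no escape survives undecoded.
function decodeSegment(raw) {
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return raw.replace(/%/g, '');
  }
}

// Sanitize path segments and query keys/values, then re-encode them.
function sanitizeUrl(href) {
  const url = new URL(href);
  url.pathname = url.pathname
    .split('/')
    .map((seg) => encodeURIComponent(strip(decodeSegment(seg))))
    .join('/');
  const cleaned = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    cleaned.append(strip(key), strip(value)); // searchParams is already decoded
  }
  url.search = cleaned.toString();
  return url.href;
}

// Watcher step: the replacement URL, or null when nothing has to change.
// Because sanitizeUrl(sanitizeUrl(x)) === sanitizeUrl(x), the change event
// fired by our own replace ends here instead of causing another replace.
function watcherStep(href) {
  const clean = sanitizeUrl(href);
  return clean === href ? null : clean;
}

// Constructed sample input (markup in the path and query, one malformed escape).
const SAMPLE =
  'https://example.invalid/app/%3Cb%3Ereport/%E0%A4%A/list?name=%22%3E%3Cb%3E&sort=asc';
```

This covers reads made after the watcher has run; code that reads window.location before the first replace still sees the raw value.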


              Unassigned
              Martin Stamm (martin.stamm)