Spring Security / SEC-1377

Improve escaping of characters in username

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.1
    • Fix Version/s: 3.0.2
    • Component/s: Web
    • Labels:
      None

      Description

      The username is cached internally on login, and may be re-rendered by the application. We should improve the encoding of the username, as described in http://www.owasp.org/index.php/How_to_perform_HTML_entity_encoding_in_Java. Note the situation wrt supplementary Unicode character support and the removal of control characters.
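The encoding concern described above, sketched as an added example that is not part of the issue and is not Spring Security's own code. The class name `UsernameEscaper` is hypothetical, and emitting all non-ASCII characters as decimal numeric references is an assumption made here so the output does not depend on the page encoding.

```java
// Added illustration; UsernameEscaper is a hypothetical name, not a Spring Security class.
public final class UsernameEscaper {

    private UsernameEscaper() {}

    /** HTML-entity-encodes a username for output in element content or a quoted attribute. */
    public static String escape(String username) {
        if (username == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(username.length() + 16);
        for (int i = 0; i < username.length(); ) {
            // Read whole code points so a surrogate pair becomes a single entity
            // instead of two meaningless half-character references.
            int cp = username.codePointAt(i);
            i += Character.charCount(cp);

            if (cp >= Character.MIN_SURROGATE && cp <= Character.MAX_SURROGATE) {
                continue; // unpaired surrogate: not a valid character, drop it
            }
            if (Character.isISOControl(cp)) {
                continue; // C0/C1 controls and DEL are removed rather than encoded
            }
            switch (cp) {
                case '<':  out.append("&lt;");  break;
                case '>':  out.append("&gt;");  break;
                case '&':  out.append("&amp;"); break;
                case '"':  out.append("&#34;"); break;
                case '\'': out.append("&#39;"); break;
                default:
                    if (cp < 0x80) {
                        out.append((char) cp);                 // printable ASCII passes through
                    } else {
                        out.append("&#").append(cp).append(';'); // decimal numeric reference
                    }
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: markup, a NUL, one supplementary character (U+1D11E)
        // written as a surrogate pair, and a trailing lone surrogate.
        String sample = "<b>a&b</b>\u0000\uD834\uDD1E\uD834";
        System.out.println(escape(sample));
    }
}
```

Iterating by `char` instead of by code point would split the supplementary character into two surrogate references, which is the case the description calls out.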

        Activity

        There are no comments yet on this issue.

          People

          • Assignee: Luke Taylor
          • Reporter: Luke Taylor
