[#ZF-8663] Zend_Json internal does not encode solidus when encoding strings - Zend Framework Issue Tracker

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.9.6
Fix Version/s: 1.7.9, 1.8.5, 1.9.7
Component/s: Zend_Json
Labels:
None

Fix Version Priority:
Must Have

Description

Zend_Json's internal encoder fails to encode the solidus (http://www.json.org/ and http://www.json.org/string.gif) when attempting to encode strings. This could potentially result a potential security risk when transfering un-escaped and unsafe HTML to a json client who's primary intention is to display it in the browser.

More Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

ZF-8663.patch

29/Dec/09 4:36 PM

2 kB

Ralph Schindler

Activity

All
Comments
Work Log
History
Activity

There are no comments yet on this issue.

People

Assignee:

Ralph Schindler

Reporter:

Ralph Schindler

Vote (0)

Watch (0)

Dates

Created:

29/Dec/09 4:29 PM

Updated:

11/Jan/10 1:00 PM

Resolved:

11/Jan/10 1:00 PM

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified