Issues

ZF-8663: Zend_Json internal does not encode solidus when encoding strings

Issue Type: Bug Created: 2009-12-29T16:29:56.000+0000 Last Updated: 2010-01-11T13:00:38.000+0000 Status: Resolved Fix version(s): - 1.7.9 (11/Jan/10)

  • 1.8.5 (11/Jan/10)
  • 1.9.7 (11/Jan/10)

Reporter: Ralph Schindler (ralph) Assignee: Ralph Schindler (ralph) Tags: - Zend_Json

Related issues: Attachments: - ZF-8663.patch

Description

Zend_Json's internal encoder fails to encode the solidus (http://www.json.org/ and http://www.json.org/string.gif) when attempting to encode strings. This could potentially result a potential security risk when transfering un-escaped and unsafe HTML to a json client who's primary intention is to display it in the browser.

Comments

No comments to display

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts