Project-1CE/frameworks_base - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Nick Kralevich <nnk@google.com>	2012-07-27 13:22:20 -0700
committer	Nick Kralevich <nnk@google.com>	2012-07-27 13:27:00 -0700
commit	c92db391379cc19738de8bb5008ed619cb049ebe (patch)
tree	7bf9e332c1f8dd733ebb89029ad61c195488a616 /docs/html/sdk/api_diff/12/changes
parent	527d14dc3c2fd72f1cdfaaa7e249456778fe93e4 (diff)

ClipData: html attribute values should always be escaped

Failure to properly escape HTML attribute values can lead to XSS attacks. Technically, HTML of the form <a href="http://www.google.com/search?x=a&y=b">blah</a> is malformed (but widely accepted). Such links should be written as <a href="http://www.google.com/search?x=a&y=b">blah</a> See: http://www.w3.org/TR/1999/REC-html401-19991224/appendix/notes.html#h-B.2.2 Change-Id: I188ded00b4cac44acb38884d4728c4cf9500f3b6

Diffstat (limited to 'docs/html/sdk/api_diff/12/changes')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: