Issue
- Special Characters should not be allowed.
Steps to reproduce:
1. Navigate to the System Settings -> Catalog -> Product Relations
2. Add new value as "<script>alert(1);</script>"
3. Save
4. Now, go to any product details
5. Click on Product Relation
Observed Behavior: It will execute the script and throw errors on the front end.
Expected Behavior: Special Characters should not be allowed to be saved from the control panel settings itself.
Environment
- Liferay DXP 7.4
- Commerce 4.0
Resolution
- The observed behavior is a known bug in Commerce 4.0 and has been addressed in update 83 and above.
- Note that the new value is saved regardless of whether it contains special characters, but the input is sanitized, and viewing or adding product relations works as expected.
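The behavior described in the resolution (the value is stored unchanged and neutralized when it is rendered), shown as an added JavaScript illustration. This is not Liferay's code; the function names, the markup and the two extra sample values are assumptions constructed for the example.

```javascript
// Added illustration, not Liferay code: every name below is hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a stored value for an HTML text node or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored relation type name is concatenated into markup as-is.
function renderRelationUnsafe(name) {
  return `<li class="relation-type" title="${name}">${name}</li>`;
}

// "After": the same stored value, encoded at the moment it is rendered.
function renderRelationSafe(name) {
  const safe = escapeHtml(name);
  return `<li class="relation-type" title="${safe}">${safe}</li>`;
}

// Regression check for a rendered page: true when a stored value containing
// HTML metacharacters appears in the output without being encoded.
function rendersRawMarkup(html, storedValue) {
  if (!/[&<>"']/.test(storedValue)) return false; // nothing to encode
  return html.includes(storedValue);
}

// First value is the one from the reproduction steps; the others are constructed.
const SAMPLES = ['<script>alert(1);</script>', 'Up-sell & "cross-sell"', 'Spare parts'];

// Run the check over every sample with the given renderer.
function audit(render) {
  return SAMPLES.map((value) => ({ value, raw: rendersRawMarkup(render(value), value) }));
}

console.log('unsafe renderer:', audit(renderRelationUnsafe));
console.log('safe renderer:  ', audit(renderRelationSafe));
```

The same check can be pointed at the HTML of a product details page after applying the update, to confirm that a saved value with special characters no longer reaches the browser as markup.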
Additional Information
- If a hotfix is required, please create a support ticket requesting the hotfix, attaching the patch details and this ticket, which addresses this concern.
- The article "Installing Fix Packs and Hotfixes on Liferay DXP" will guide you through installing the Fix Pack or Hotfix in your environment.