Virtual Happy Hour this month, Jun 28, we'll be getting a sneak preview at our soon to launch SaaS CMS!

Try our conversational search powered by Generative AI!

Javascript in page name executed when page is deleted

Hi If you add a HTML javascript block to the page name EPiServer mostly escapes it (for example in the edit menu or in the search results). This is good if you have content being created by users (for example forums) to prevent malicious XSS code from being executed. But when you delete the page the script is executed when the page name is displayed on the confirmation page. 1. Create a page. Name it "" 2. Delete the page. The alert saying Test will appear. And the confirmation page displays: "" har flyttats till papperskorgen. Well, not a really big issue, but this could have an editor end up on a malicious site. Regards /Fredrik
Jan 03, 2006 15:40
Hello Fredrik! This issue should be fixed in EPiServer 4.60 that was released last friday.
Apr 03, 2006 14:23
Oct 27, 2008 12:28
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.