Form Widget values are not always escaped for html special characters
---------------------------------------------------------------------

Key: OFBIZ-1067
URL: https://issues.apache.org/jira/browse/OFBIZ-1067
Project: OFBiz
Issue Type: Bug
Components: framework
Affects Versions: SVN trunk, Release Branch 4.0
Environment: All
Reporter: Vinay Agarwal
Priority: Minor
Fix For: SVN trunk, Release Branch 4.0
Attachments: ofbizFormsHtmlEscape.patch

The value in hidden fields isn't escaped for HTML characters (<, > etc.), which are present if the ElectronicText has formatting.

I used StringEscapeUtils.escapeHtml of the org.apache.commons.lang.StringEscapeUtils class, which has HTML escape and other similar utilities. Text fields were already escaped with their own escape function, which I replaced with this function. I also escaped the file field.

--
This message is automatically generated by JIRA.
- You can reply to this email to add a comment to the issue online.
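To make the failure mode in the report concrete: a hidden field whose value is written straight into the `value="..."` attribute is broken by any `"` in the stored text (an `href="..."` inside formatted ElectronicText is enough), and from that point on the rest of the value is parsed as markup. The following is an added example, not OFBiz code and not the attached patch; the method names (`renderHiddenUnsafe`, `renderHiddenSafe`, `escapeAttr`, `attributeIsIntact`) and the sample values are constructed for illustration. It uses a small hand-written escaper instead of commons-lang so it compiles stand-alone; the patch itself uses `StringEscapeUtils.escapeHtml`, which escapes `&`, `<`, `>` and `"` but not the apostrophe, so it is only sufficient while the attribute is double-quoted.

```java
import java.util.Arrays;

// Added example: why an unescaped hidden-field value breaks out of its attribute,
// and the escaped rendering that keeps the value inside it. Not OFBiz code.
public class HiddenFieldEscape {

    // Escapes the characters that can end an attribute value or start a tag.
    // Covers the same characters as commons-lang StringEscapeUtils.escapeHtml
    // (& < > ") and additionally the apostrophe, which escapeHtml leaves alone.
    static String escapeAttr(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Pre-patch behaviour as described in the report: value written verbatim.
    static String renderHiddenUnsafe(String name, String value) {
        return "<input type=\"hidden\" name=\"" + name + "\" value=\"" + value + "\"/>";
    }

    // Post-patch behaviour: name and value escaped for the attribute context.
    static String renderHiddenSafe(String name, String value) {
        return "<input type=\"hidden\" name=\"" + escapeAttr(name)
             + "\" value=\"" + escapeAttr(value) + "\"/>";
    }

    // Check: the first '"' after value=" must be the closing quote, i.e. the
    // rendered string must end with "/> right there. Anything else means the
    // value terminated the attribute early and the remainder became markup.
    static boolean attributeIsIntact(String rendered) {
        String marker = "value=\"";
        int start = rendered.indexOf(marker) + marker.length();
        int end = rendered.indexOf('"', start);
        return end >= 0 && rendered.substring(end).equals("\"/>");
    }

    public static void main(String[] args) {
        // Constructed samples: formatted ElectronicText containing a quoted
        // href (the case from the report), and a deliberately hostile value.
        String formatted = "<p>See <a href=\"http://example.com\">this</a></p>";
        String hostile = "\"><script>alert(1)</script><input value=\"";

        for (String v : Arrays.asList(formatted, hostile)) {
            String unsafe = renderHiddenUnsafe("textData", v);
            String safe = renderHiddenSafe("textData", v);
            System.out.println("unsafe intact=" + attributeIsIntact(unsafe) + " : " + unsafe);
            System.out.println("safe   intact=" + attributeIsIntact(safe) + " : " + safe);
        }
    }
}
```

Running it prints `intact=false` for both unescaped renderings and `intact=true` for the escaped ones. The hostile sample is the reason this is more than a display bug: once a stored value can close the attribute, whatever follows it is interpreted by the browser, so every attribute that receives stored or user-supplied text (hidden, text and file fields alike, as the patch does) needs the same escaping.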
[ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vinay Agarwal updated OFBIZ-1067:
---------------------------------

Attachment: ofbizFormsHtmlEscape.patch
[ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12501985 ]

Jacopo Cappellato commented on OFBIZ-1067:
------------------------------------------

+1 (not tested but sounds good).
[ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacopo Cappellato reassigned OFBIZ-1067:
----------------------------------------

Assignee: Jacopo Cappellato
[ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacopo Cappellato closed OFBIZ-1067.
------------------------------------

Resolution: Fixed

A bigger patch (including the one from Vinay) is in rev. 583091