[jira] Created: (OFBIZ-1970) unescaped html special characters create problems in pages


[jira] Created: (OFBIZ-1970) unescaped html special characters create problems in pages

Nicolas Malin (Jira)
unescaped html special characters create problems in pages
----------------------------------------------------------

                 Key: OFBIZ-1970
                 URL: https://issues.apache.org/jira/browse/OFBIZ-1970
             Project: OFBiz
          Issue Type: Bug
          Components: framework
    Affects Versions: SVN trunk, Release Branch 4.0
         Environment: Ofbiz rev 699187, Windows XP, postgresql-8.2-504 on Intel CoreDuo 1.8Gz, 2GB of RAM
            Reporter: ian tabangay
            Priority: Minor


HTML-specific characters (like ' & " > < /) are unescaped when rendered. This creates problems for rendering pages that interact with JavaScript. Note that this bug is the same as a previous issue regarding unescaped special characters (see https://issues.apache.org/jira/browse/OFBIZ-1133). This bug is also prone to all sorts of HTML injection hacks. HTML and JavaScript code may be set as a value to an input field. Browsers shall render these as if part of the form.

I suggest escaping values when a page is being rendered. This will remove the hassle of data migration for the database to fix values with unescaped HTML characters.


--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
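One way to implement the render-time escaping the report suggests, as an added example written for this thread rather than OFBiz's own code; the class, the escapeHtml/renderInput* method names and the sample stored value are constructed for illustration:

```java
/**
 * Added example (not OFBiz code): escape HTML-significant characters at
 * render time so that stored values can stay unchanged in the database.
 */
public class RenderEscape {

    // Escapes exactly the characters named in the report: ' & " > < /
    // A single pass over the input means replacement text is never re-escaped.
    static String escapeHtml(String value) {
        if (value == null) return "";
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                case '/':  sb.append("&#47;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // "Before": the raw value is dropped into the attribute, which is the
    // reported behaviour; a quote or angle bracket in the data ends the
    // attribute and the rest is parsed as markup.
    static String renderInputRaw(String name, String value) {
        return "<input type=\"text\" name=\"" + name
             + "\" value=\"" + value + "\">";
    }

    // "After": both the field name and the value are escaped while the page
    // is rendered, so no database migration of stored values is needed.
    static String renderInputEscaped(String name, String value) {
        return "<input type=\"text\" name=\"" + escapeHtml(name)
             + "\" value=\"" + escapeHtml(value) + "\">";
    }

    public static void main(String[] args) {
        // Constructed sample value containing the characters from the report.
        String stored = "O'Brien & Sons \"<b>bold</b>\"";
        System.out.println(renderInputRaw("partyName", stored));
        System.out.println(renderInputEscaped("partyName", stored));
    }
}
```

Running main prints the broken attribute first and the intact one second; the stored string itself is never modified, which is the point of escaping at render time.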


[jira] Closed: (OFBIZ-1970) unescaped html special characters create problems in pages

Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-1970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-1970.
----------------------------------

    Resolution: Duplicate

There are already a lot of issues open about this subject

> unescaped html special characters create problems in pages
> ----------------------------------------------------------
>
>                 Key: OFBIZ-1970
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1970
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk, Release Branch 4.0
>         Environment: Ofbiz rev 699187, Windows XP, postgresql-8.2-504 on Intel CoreDuo 1.8Gz, 2GB of RAM
>            Reporter: ian tabangay
>            Priority: Minor
>
> HTML-specific characters (like ' & " > < /) are unescaped when rendered. This creates problems for rendering pages that interact with JavaScript. Note that this bug is the same as a previous issue regarding unescaped special characters (see https://issues.apache.org/jira/browse/OFBIZ-1133). This bug is also prone to all sorts of HTML injection hacks. HTML and JavaScript code may be set as a value to an input field. Browsers shall render these as if part of the form.
> I suggest escaping values when a page is being rendered. This will remove the hassle of data migration for the database to fix values with unescaped HTML characters.
