[
https://issues.apache.org/jira/browse/OFBIZ-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-3135.
----------------------------------
Resolution: Fixed
Fix Version/s: SVN trunk
Release Branch 9.04
Assignee: Jacques Le Roux
Thanks Patrick,
I checked the diff you provided against
http://code.google.com/p/owasp-esapi-java/source/detail?r=755 and found no differences (except test classes no present of course)
I replaced the jar in trunk at r884781, R9.04 at r884783
> In owasp-esapi-java, htmlCodec.decode is broken for all entities where entity.substr(0, x) exists
> --------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-3135
> URL:
https://issues.apache.org/jira/browse/OFBIZ-3135> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Patrick Antivackis
> Assignee: Jacques Le Roux
> Fix For: Release Branch 9.04, SVN trunk
>
> Attachments: owasp-esapi-full-java-1.4.jar, patch-owasp-1.4.diff
>
>
> It's because HTMLEntityCodec.getNamedEntity stop at the first entity found
> so it will never return ² or ³ because &sup exists, neither &piv
> because &pi exists and all other entities where a shorter entity exists.
> See bug reports :
>
http://code.google.com/p/owasp-esapi-java/issues/detail?id=45> Attach is a recompile patched version of the library based on
> owasp-esapi-java-src-1.4.zip
> and a diff of src/org/owasp/esapi/codecs/HTMLEntityCodec.java
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
Locked
