Gareth Carter created OFBIZ-5910:
------------------------------------
Summary: WidgetWorker.buildHyperlinkUrl generates invalid url when using certain sequences of characters
Key: OFBIZ-5910
URL: https://issues.apache.org/jira/browse/OFBIZ-5910
Project: OFBiz
Issue Type: Bug
Components: framework
Affects Versions: Trunk
Reporter: Gareth Carter
If you define a URL with parameters, or one that contains URL-encoded parameters, the output from WidgetWorker.buildHyperlinkUrl may be invalid. This is because of the use of StringUtil.defaultWebEncoder.canonicalize(localRequestName).
e.g.
abc=&or1=123 -> abc=?1=123
abc=&to1=123 -> abc=&to1=123 (this one is fine)
abc=&and1=123 -> abc=?1=123
abc=&gtabc=123 -> abc=>abc=123
The OWASP HTMLEntityCodec seems to look for special sequences (or, and, gt, lt etc.) and change them. This to me is invalid because URL encoding and HTML encoding are different.
Why are the URLs encoding the ampersands anyway? (String localRequestName = UtilHttp.encodeAmpersands(target);)
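The failure mode in the report, as an added example that is not OFBiz or ESAPI code: Python's `html.unescape` stands in for the HTML entity decoder, and the function names and sample URLs are constructed for illustration. Like the OWASP codec it accepts some entity names without a trailing semicolon, but its entity table is different, so it reproduces the `&gt` case from the report and not the `&or` / `&and` cases.

```python
import html
from urllib.parse import parse_qsl, urlsplit


def entity_decode_url(url):
    """The mistake: run an HTML entity decoder over a raw URL.

    html.unescape is a stand-in (assumption) for the codec in the report.
    """
    return html.unescape(url)


def params_damaged_by_entity_decoding(url):
    """Names of query parameters that disappear once the URL has been
    passed through entity decoding (an '&name' run was read as an entity)."""
    before = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    decoded = entity_decode_url(url)
    after = parse_qsl(urlsplit(decoded).query, keep_blank_values=True)
    surviving = {name for name, _ in after}
    return [name for name, _ in before if name not in surviving]


def href_attribute(url):
    """Correct layering: the URL is left alone, and HTML escaping is applied
    once, at the point where the URL is written into markup."""
    return html.escape(url, quote=True)


if __name__ == "__main__":
    # Constructed sample URLs; the first two mirror cases from the report.
    samples = [
        "/control/find?abc=&gtabc=123",
        "/control/find?abc=&to1=123",
        "/control/find?a=1&copy=2&reg=3",
    ]
    for url in samples:
        print(url)
        print("  entity-decoded :", entity_decode_url(url))
        print("  lost parameters:", params_damaged_by_entity_decoding(url))
        print("  href attribute :", href_attribute(url))
```

Running a check like `params_damaged_by_entity_decoding` over the link targets an application defines shows which parameter names are at risk before they reach a browser.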