[ofbiz-framework] branch release18.12 updated: Fixed: Ampersand in Party not displayed correctly (OFBIZ-12140)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new a5fdd7b0 Fixed: Ampersand in Party not displayed correctly (OFBIZ-12140)
a5fdd7b0 is described below

commit a5fdd7b063dd446b51311ebbc379b0dba4309a3f
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Sat Jan 23 17:47:46 2021 +0100

    Fixed: Ampersand in Party not displayed correctly (OFBIZ-12140)
   
    In the reported case, ModelFormField::getDescription double HTML encodes the
    description when both the entity and the description contain an ampersand.
   
    A solution is to test if the description is already HTML encoded before encoding
    it again. If HTML encoded then only String encodes it.
   
    BTW I'm not sure it's useful but it's harmless, the same solution can be applied
    to OFBIZ-12026 and similarly in renderableFtlFormElementsBuilder::encode. I'll
    do as improvements...
   
    Thanks: Andrew Waters for report and help in analysis
---
 .../main/java/org/apache/ofbiz/widget/model/ModelFormField.java   | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelFormField.java b/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelFormField.java
index fc77cdc..b0562d1 100644
--- a/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelFormField.java
+++ b/framework/widget/src/main/java/org/apache/ofbiz/widget/model/ModelFormField.java
@@ -41,6 +41,7 @@ import java.util.function.Predicate;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.ofbiz.base.conversion.ConversionException;
 import org.apache.ofbiz.base.conversion.DateTimeConverters;
 import org.apache.ofbiz.base.conversion.DateTimeConverters.StringToTimestamp;
@@ -1422,7 +1423,12 @@ public class ModelFormField {
             if (UtilValidate.isEmpty(retVal)) {
                 retVal = "";
             } else if (this.getModelFormField().getEncodeOutput()) {
-                UtilCodec.SimpleEncoder simpleEncoder = (UtilCodec.SimpleEncoder) context.get("simpleEncoder");
+                UtilCodec.SimpleEncoder simpleEncoder = null;
+                if (retVal.equals(StringEscapeUtils.unescapeEcmaScript(StringEscapeUtils.unescapeHtml4(retVal)))) {
+                    simpleEncoder = (UtilCodec.SimpleEncoder) context.get("simpleEncoder");
+                } else {
+                    simpleEncoder = UtilCodec.getEncoder("string");
+                }
                 if (simpleEncoder != null) {
                     retVal = simpleEncoder.encode(retVal);
                 }