You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Vinay Agarwal (JIRA)" <ji...@apache.org> on 2007/06/06 18:50:26 UTC

[jira] Created: (OFBIZ-1067) Form Widget values are not always escaped for html special characters

Form Widget values are not always escaped for html special characters
---------------------------------------------------------------------

                 Key: OFBIZ-1067
                 URL: https://issues.apache.org/jira/browse/OFBIZ-1067
             Project: OFBiz
          Issue Type: Bug
          Components: framework
    Affects Versions: SVN trunk, Release Branch 4.0
         Environment: All
            Reporter: Vinay Agarwal
            Priority: Minor
             Fix For: SVN trunk, Release Branch 4.0
         Attachments: ofbizFormsHtmlEscape.patch

Value in hidden fields isn't escaped for html characters (<,> etc.) which are present if the ElectronicText has formatting. 

I used StringEscapeUtils.escapeHtml of org.apache.commons.lang.StringEscapeUtils class that has html escape and other similar utilities. Text fields were already escaped with a own escape function which I replaced with this function. I also escaped file field.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Assigned: (OFBIZ-1067) Form Widget values are not always escaped for html special characters

Posted by "Jacopo Cappellato (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacopo Cappellato reassigned OFBIZ-1067:
----------------------------------------

    Assignee: Jacopo Cappellato

> Form Widget values are not always escaped for html special characters
> ---------------------------------------------------------------------
>
>                 Key: OFBIZ-1067
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1067
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk, Release Branch 4.0
>         Environment: All
>            Reporter: Vinay Agarwal
>            Assignee: Jacopo Cappellato
>            Priority: Minor
>             Fix For: SVN trunk, Release Branch 4.0
>
>         Attachments: ofbizFormsHtmlEscape.patch
>
>
> Value in hidden fields isn't escaped for html characters (<,> etc.) which are present if the ElectronicText has formatting. 
> I used StringEscapeUtils.escapeHtml of org.apache.commons.lang.StringEscapeUtils class that has html escape and other similar utilities. Text fields were already escaped with a own escape function which I replaced with this function. I also escaped file field.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (OFBIZ-1067) Form Widget values are not always escaped for html special characters

Posted by "Jacopo Cappellato (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacopo Cappellato closed OFBIZ-1067.
------------------------------------

    Resolution: Fixed

A bigger patch (including the one from Vinay) is in rev. 583091


> Form Widget values are not always escaped for html special characters
> ---------------------------------------------------------------------
>
>                 Key: OFBIZ-1067
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1067
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk, Release Branch 4.0
>         Environment: All
>            Reporter: Vinay Agarwal
>            Assignee: Jacopo Cappellato
>            Priority: Minor
>             Fix For: SVN trunk, Release Branch 4.0
>
>         Attachments: ofbizFormsHtmlEscape.patch
>
>
> Value in hidden fields isn't escaped for html characters (<,> etc.) which are present if the ElectronicText has formatting. 
> I used StringEscapeUtils.escapeHtml of org.apache.commons.lang.StringEscapeUtils class that has html escape and other similar utilities. Text fields were already escaped with a own escape function which I replaced with this function. I also escaped file field.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (OFBIZ-1067) Form Widget values are not always escaped for html special characters

Posted by "Jacopo Cappellato (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12501985 ] 

Jacopo Cappellato commented on OFBIZ-1067:
------------------------------------------

+1 (not tested but sounds good).

> Form Widget values are not always escaped for html special characters
> ---------------------------------------------------------------------
>
>                 Key: OFBIZ-1067
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1067
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk, Release Branch 4.0
>         Environment: All
>            Reporter: Vinay Agarwal
>            Priority: Minor
>             Fix For: SVN trunk, Release Branch 4.0
>
>         Attachments: ofbizFormsHtmlEscape.patch
>
>
> Value in hidden fields isn't escaped for html characters (<,> etc.) which are present if the ElectronicText has formatting. 
> I used StringEscapeUtils.escapeHtml of org.apache.commons.lang.StringEscapeUtils class that has html escape and other similar utilities. Text fields were already escaped with a own escape function which I replaced with this function. I also escaped file field.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (OFBIZ-1067) Form Widget values are not always escaped for html special characters

Posted by "Vinay Agarwal (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vinay Agarwal updated OFBIZ-1067:
---------------------------------

    Attachment: ofbizFormsHtmlEscape.patch

> Form Widget values are not always escaped for html special characters
> ---------------------------------------------------------------------
>
>                 Key: OFBIZ-1067
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1067
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk, Release Branch 4.0
>         Environment: All
>            Reporter: Vinay Agarwal
>            Priority: Minor
>             Fix For: SVN trunk, Release Branch 4.0
>
>         Attachments: ofbizFormsHtmlEscape.patch
>
>
> Value in hidden fields isn't escaped for html characters (<,> etc.) which are present if the ElectronicText has formatting. 
> I used StringEscapeUtils.escapeHtml of org.apache.commons.lang.StringEscapeUtils class that has html escape and other similar utilities. Text fields were already escaped with a own escape function which I replaced with this function. I also escaped file field.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.