You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Vinay Agarwal (JIRA)" <ji...@apache.org> on 2007/06/06 18:50:26 UTC
[jira] Created: (OFBIZ-1067) Form Widget values are not always
escaped for html special characters
Form Widget values are not always escaped for html special characters
---------------------------------------------------------------------
Key: OFBIZ-1067
URL: https://issues.apache.org/jira/browse/OFBIZ-1067
Project: OFBiz
Issue Type: Bug
Components: framework
Affects Versions: SVN trunk, Release Branch 4.0
Environment: All
Reporter: Vinay Agarwal
Priority: Minor
Fix For: SVN trunk, Release Branch 4.0
Attachments: ofbizFormsHtmlEscape.patch
Value in hidden fields isn't escaped for html characters (<,> etc.) which are present if the ElectronicText has formatting.
I used StringEscapeUtils.escapeHtml of org.apache.commons.lang.StringEscapeUtils class that has html escape and other similar utilities. Text fields were already escaped with a own escape function which I replaced with this function. I also escaped file field.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (OFBIZ-1067) Form Widget values are not always
escaped for html special characters
Posted by "Jacopo Cappellato (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacopo Cappellato reassigned OFBIZ-1067:
----------------------------------------
Assignee: Jacopo Cappellato
> Form Widget values are not always escaped for html special characters
> ---------------------------------------------------------------------
>
> Key: OFBIZ-1067
> URL: https://issues.apache.org/jira/browse/OFBIZ-1067
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk, Release Branch 4.0
> Environment: All
> Reporter: Vinay Agarwal
> Assignee: Jacopo Cappellato
> Priority: Minor
> Fix For: SVN trunk, Release Branch 4.0
>
> Attachments: ofbizFormsHtmlEscape.patch
>
>
> Value in hidden fields isn't escaped for html characters (<,> etc.) which are present if the ElectronicText has formatting.
> I used StringEscapeUtils.escapeHtml of org.apache.commons.lang.StringEscapeUtils class that has html escape and other similar utilities. Text fields were already escaped with a own escape function which I replaced with this function. I also escaped file field.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (OFBIZ-1067) Form Widget values are not always
escaped for html special characters
Posted by "Jacopo Cappellato (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacopo Cappellato closed OFBIZ-1067.
------------------------------------
Resolution: Fixed
A bigger patch (including the one from Vinay) is in rev. 583091
> Form Widget values are not always escaped for html special characters
> ---------------------------------------------------------------------
>
> Key: OFBIZ-1067
> URL: https://issues.apache.org/jira/browse/OFBIZ-1067
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk, Release Branch 4.0
> Environment: All
> Reporter: Vinay Agarwal
> Assignee: Jacopo Cappellato
> Priority: Minor
> Fix For: SVN trunk, Release Branch 4.0
>
> Attachments: ofbizFormsHtmlEscape.patch
>
>
> Value in hidden fields isn't escaped for html characters (<,> etc.) which are present if the ElectronicText has formatting.
> I used StringEscapeUtils.escapeHtml of org.apache.commons.lang.StringEscapeUtils class that has html escape and other similar utilities. Text fields were already escaped with a own escape function which I replaced with this function. I also escaped file field.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1067) Form Widget values are not always
escaped for html special characters
Posted by "Jacopo Cappellato (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12501985 ]
Jacopo Cappellato commented on OFBIZ-1067:
------------------------------------------
+1 (not tested but sounds good).
> Form Widget values are not always escaped for html special characters
> ---------------------------------------------------------------------
>
> Key: OFBIZ-1067
> URL: https://issues.apache.org/jira/browse/OFBIZ-1067
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk, Release Branch 4.0
> Environment: All
> Reporter: Vinay Agarwal
> Priority: Minor
> Fix For: SVN trunk, Release Branch 4.0
>
> Attachments: ofbizFormsHtmlEscape.patch
>
>
> Value in hidden fields isn't escaped for html characters (<,> etc.) which are present if the ElectronicText has formatting.
> I used StringEscapeUtils.escapeHtml of org.apache.commons.lang.StringEscapeUtils class that has html escape and other similar utilities. Text fields were already escaped with a own escape function which I replaced with this function. I also escaped file field.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-1067) Form Widget values are not always
escaped for html special characters
Posted by "Vinay Agarwal (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinay Agarwal updated OFBIZ-1067:
---------------------------------
Attachment: ofbizFormsHtmlEscape.patch
> Form Widget values are not always escaped for html special characters
> ---------------------------------------------------------------------
>
> Key: OFBIZ-1067
> URL: https://issues.apache.org/jira/browse/OFBIZ-1067
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk, Release Branch 4.0
> Environment: All
> Reporter: Vinay Agarwal
> Priority: Minor
> Fix For: SVN trunk, Release Branch 4.0
>
> Attachments: ofbizFormsHtmlEscape.patch
>
>
> Value in hidden fields isn't escaped for html characters (<,> etc.) which are present if the ElectronicText has formatting.
> I used StringEscapeUtils.escapeHtml of org.apache.commons.lang.StringEscapeUtils class that has html escape and other similar utilities. Text fields were already escaped with a own escape function which I replaced with this function. I also escaped file field.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.