You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Jacopo Cappellato (JIRA)" <ji...@apache.org> on 2007/10/09 12:19:50 UTC
[jira] Closed: (OFBIZ-1067) Form Widget values are not always
escaped for html special characters
[ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacopo Cappellato closed OFBIZ-1067.
------------------------------------
Resolution: Fixed
A bigger patch (including the one from Vinay) is in rev. 583091
> Form Widget values are not always escaped for html special characters
> ---------------------------------------------------------------------
>
> Key: OFBIZ-1067
> URL: https://issues.apache.org/jira/browse/OFBIZ-1067
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk, Release Branch 4.0
> Environment: All
> Reporter: Vinay Agarwal
> Assignee: Jacopo Cappellato
> Priority: Minor
> Fix For: SVN trunk, Release Branch 4.0
>
> Attachments: ofbizFormsHtmlEscape.patch
>
>
> Value in hidden fields isn't escaped for html characters (<,> etc.) which are present if the ElectronicText has formatting.
> I used StringEscapeUtils.escapeHtml of org.apache.commons.lang.StringEscapeUtils class that has html escape and other similar utilities. Text fields were already escaped with a own escape function which I replaced with this function. I also escaped file field.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.