Posted to commits@myfaces.apache.org by lu...@apache.org on 2013/05/29 04:03:49 UTC
svn commit: r1487199 - in /myfaces/core/branches/2.0.x/shared/src:
main/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoder.java
test/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoderTest.java
Author: lu4242
Date: Wed May 29 02:03:49 2013
New Revision: 1487199
URL: http://svn.apache.org/r1487199
Log:
MYFACES-3731 HTMLEncoder.encodeURIAtributte re-escapes already percent-encoded string
Modified:
myfaces/core/branches/2.0.x/shared/src/main/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoder.java
myfaces/core/branches/2.0.x/shared/src/test/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoderTest.java
Modified: myfaces/core/branches/2.0.x/shared/src/main/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoder.java
URL: http://svn.apache.org/viewvc/myfaces/core/branches/2.0.x/shared/src/main/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoder.java?rev=1487199&r1=1487198&r2=1487199&view=diff
==============================================================================
--- myfaces/core/branches/2.0.x/shared/src/main/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoder.java (original)
+++ myfaces/core/branches/2.0.x/shared/src/main/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoder.java Wed May 29 02:03:49 2013
@@ -612,8 +612,8 @@ public abstract class HTMLEncoder
{
char c1 = string.charAt(i+1);
char c2 = string.charAt(i+2);
- if ((( c1 >= '0' && c1 <='9') || (c1 >='A' && c1 <='Z')) &&
- (( c2 >= '0' && c2 <='9') || (c2 >='A' && c2 <='Z')))
+ if ((( c1 >= '0' && c1 <='9') || (c1 >='A' && c1 <='Z') || (c1 >='a' && c1 <='z')) &&
+ (( c2 >= '0' && c2 <='9') || (c2 >='A' && c2 <='Z') || (c2 >='a' && c2 <='z')))
{
// do not percent encode, because it could be already encoded
// and we don't want encode it twice
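Review bot: The widened test on c1 and c2 accepts any ASCII letter rather than only hex digits, so a sequence such as `%zz` or `%Gq` is treated as already percent-encoded and its `%` is left unescaped in the URI attribute. Restrict the letter ranges to `(c1 >= 'A' && c1 <= 'F') || (c1 >= 'a' && c1 <= 'f')` and do the same for c2. The identical condition is repeated in the hunks at -771, -1010 and -1221, so a small private helper such as `isHexDigit(char)` would keep the four copies in step. The enclosing loop starts and ends outside the hunk, so whether `i+2` is bounds-checked before the `charAt` calls cannot be confirmed from here.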
@@ -771,8 +771,8 @@ public abstract class HTMLEncoder
{
char c1 = string.charAt(i+1);
char c2 = string.charAt(i+2);
- if ((( c1 >= '0' && c1 <='9') || (c1 >='A' && c1 <='Z')) &&
- (( c2 >= '0' && c2 <='9') || (c2 >='A' && c2 <='Z')))
+ if ((( c1 >= '0' && c1 <='9') || (c1 >='A' && c1 <='Z') || (c1 >='a' && c1 <='z')) &&
+ (( c2 >= '0' && c2 <='9') || (c2 >='A' && c2 <='Z') || (c2 >='a' && c2 <='z')))
{
// do not percent encode, because it could be already encoded
}
@@ -1010,8 +1010,8 @@ public abstract class HTMLEncoder
{
char c1 = string.charAt(i+1);
char c2 = string.charAt(i+2);
- if ((( c1 >= '0' && c1 <='9') || (c1 >='A' && c1 <='Z')) &&
- (( c2 >= '0' && c2 <='9') || (c2 >='A' && c2 <='Z')))
+ if ((( c1 >= '0' && c1 <='9') || (c1 >='A' && c1 <='Z') || (c1 >='a' && c1 <='z')) &&
+ (( c2 >= '0' && c2 <='9') || (c2 >='A' && c2 <='Z') || (c2 >='a' && c2 <='z')))
{
// do not percent encode, because it could be already encoded
// and we don't want encode it twice
@@ -1221,8 +1221,8 @@ public abstract class HTMLEncoder
{
char c1 = string.charAt(i+1);
char c2 = string.charAt(i+2);
- if ((( c1 >= '0' && c1 <='9') || (c1 >='A' && c1 <='Z')) &&
- (( c2 >= '0' && c2 <='9') || (c2 >='A' && c2 <='Z')))
+ if ((( c1 >= '0' && c1 <='9') || (c1 >='A' && c1 <='Z') || (c1 >='a' && c1 <='z')) &&
+ (( c2 >= '0' && c2 <='9') || (c2 >='A' && c2 <='Z') || (c2 >='a' && c2 <='z')))
{
// do not percent encode, because it could be already encoded
}
Modified: myfaces/core/branches/2.0.x/shared/src/test/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoderTest.java
URL: http://svn.apache.org/viewvc/myfaces/core/branches/2.0.x/shared/src/test/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoderTest.java?rev=1487199&r1=1487198&r2=1487199&view=diff
==============================================================================
--- myfaces/core/branches/2.0.x/shared/src/test/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoderTest.java (original)
+++ myfaces/core/branches/2.0.x/shared/src/test/java/org/apache/myfaces/shared/renderkit/html/util/HTMLEncoderTest.java Wed May 29 02:03:49 2013
@@ -271,6 +271,27 @@ public class HTMLEncoderTest extends Abs
}
+ public void testUsAsciiEscapedCharactersBeforeQueryLowerCase() throws Exception
+ {
+ // Escape
+ // - From %00 to %20,
+ // - <"> %22, "%" %25
+ // - "<" %3C, ">" %3E,
+ // - "\" %5C, "^" %5E, "`" %60
+ // - "{" %7B, "|" %7C, "}" %7D
+ // - From %7F ad infinitum
+ String cad1 = "?key=\"%<>\\`{|}^\n "; //Omit %
+ String cad2 = "?key=%22%25%3c%3e%5c%60%7b%7c%7d%5e%0a%20";
+ String cad3 = HTMLEncoder.encodeURIAtributte(cad1,"UTF-8");
+ assertEquals(cad2.substring(0,5) + cad2.substring(5).toUpperCase(), cad3);
+
+ String cad4 = "\"%<>\\`{|}^\n ";
+ String cad5 = "%22%25%3c%3e%5c%60%7b%7c%7d%5e%0a%20";
+ String cad6 = HTMLEncoder.encodeURIAtributte(cad4,"UTF-8");
+ assertEquals(cad5.substring(0,5) + cad5.substring(5).toUpperCase(), cad6);
+
+ }
+
public void testWriteNonUsAsciiOnURIAttribute() throws Exception
{
// Character ü in ISO-8859-1 is %FC but on UTF-8 is %C3%BC. In this case,
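Review bot: testUsAsciiEscapedCharactersBeforeQueryLowerCase never passes a lowercase percent-encoded string to the encoder. The inputs cad1 and cad4 are raw characters, and the lowercase cad2 and cad5 are only upper-cased to build the expected value, so the test appears to pass without the HTMLEncoder change. Add an assertion that feeds the already-encoded form in, e.g. `assertEquals(cad2, HTMLEncoder.encodeURIAtributte(cad2, "UTF-8"));`, assuming the encoder passes existing escapes through with their case unchanged (to be confirmed). A negative case such as `"?key=%zz"` expecting `"?key=%25zz"` would also pin down that only real hex pairs are skipped.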
@@ -349,4 +370,4 @@ public class HTMLEncoderTest extends Abs
//assertEquals(cad14,cad15);
}
-}
\ No newline at end of file
+}