[ https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12501985 ]
Jacopo Cappellato commented on OFBIZ-1067:
------------------------------------------

+1 (not tested but sounds good).

> Form Widget values are not always escaped for html special characters
> ---------------------------------------------------------------------
>
> Key: OFBIZ-1067
> URL: https://issues.apache.org/jira/browse/OFBIZ-1067
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk, Release Branch 4.0
> Environment: All
> Reporter: Vinay Agarwal
> Priority: Minor
> Fix For: SVN trunk, Release Branch 4.0
>
> Attachments: ofbizFormsHtmlEscape.patch
>
>
> Value in hidden fields isn't escaped for html characters (<,> etc.) which are
> present if the ElectronicText has formatting.
> I used StringEscapeUtils.escapeHtml of
> org.apache.commons.lang.StringEscapeUtils class that has html escape and
> other similar utilities. Text fields were already escaped with their own escape
> function which I replaced with this function. I also escaped file field.