[ https://issues.apache.org/jira/browse/OFBIZ-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12776935#action_12776935 ]
Scott Gray commented on OFBIZ-3135:
-----------------------------------

Has the bug been confirmed as fixed? It looks like the issue owner was waiting for a response to confirm it works.

> In owasp-esapi-java, htmlCodec.decode is broken for all entities where entity.substr(0, x) exists
> --------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-3135
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-3135
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Patrick Antivackis
>         Attachments: owasp-esapi-full-java-1.4.jar, Patch-HTMLEntityCodec.java.diff
>
>
> It's because HTMLEntityCodec.getNamedEntity stops at the first entity found, so it will never return &sup2 or &sup3 because &sup exists, nor &piv because &pi exists, nor any other entity where a shorter entity exists.
> See bug report: http://code.google.com/p/owasp-esapi-java/issues/detail?id=45
> Attached is a recompiled, patched version of the library based on owasp-esapi-java-src-1.4.zip
> and a diff of src/org/owasp/esapi/codecs/HTMLEntityCodec.java
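
The shadowing described in the report, as an added example that is neither ESAPI's code nor the attached patch: a lookup that returns on the first name found, next to a longest-match lookup as one way to avoid it. The class name, the `lookup` and `decode` helpers and the five-entry entity table are constructed for illustration.

```java
import java.util.Map;

public class EntityLookupDemo {
    // Constructed subset of the HTML named-entity table (not ESAPI's own map).
    static final Map<String, Character> ENTITIES = Map.of(
        "sup", '\u2283', "sup2", '\u00B2', "sup3", '\u00B3',
        "pi", '\u03C0', "piv", '\u03D6');

    // Find an entity name starting at s[start]. With longest == false the
    // search returns on the first hit, which is the behaviour in the report:
    // "sup" shadows "sup2"/"sup3" and "pi" shadows "piv".
    static String lookup(String s, int start, boolean longest) {
        String best = null;
        for (int end = start + 1; end <= s.length(); end++) {
            if (!Character.isLetterOrDigit(s.charAt(end - 1))) break;
            String name = s.substring(start, end);
            if (ENTITIES.containsKey(name)) {
                if (!longest) return name; // first hit wins
                best = name;               // keep scanning for a longer name
            }
        }
        return best;
    }

    // Decode named entities in the input; an optional ';' ends each entity.
    static String decode(String in, boolean longest) {
        StringBuilder out = new StringBuilder();
        int i = 0;
        while (i < in.length()) {
            String name = in.charAt(i) == '&' ? lookup(in, i + 1, longest) : null;
            if (name == null) {            // not an entity: copy the character
                out.append(in.charAt(i++));
                continue;
            }
            out.append(ENTITIES.get(name));
            i += 1 + name.length();
            if (i < in.length() && in.charAt(i) == ';') i++;
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: two shadowed entities, then two unaffected ones.
        for (String s : new String[] {"x&sup2;", "&piv;", "&pi;", "A &sup; B"}) {
            System.out.println(s + "  first-match=" + decode(s, false)
                + "  longest-match=" + decode(s, true));
        }
    }
}
```

With the first-match lookup the shadowed inputs decode to the shorter entity followed by the leftover characters (`2;` and `v;`), so the decoded text differs from what was encoded.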