[ 
https://issues.apache.org/jira/browse/OFBIZ-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux closed OFBIZ-3135.
----------------------------------

       Resolution: Fixed
    Fix Version/s: SVN trunk
                   Release Branch 9.04
         Assignee: Jacques Le Roux

Thanks Patrick,

I checked the diff you provided against 
http://code.google.com/p/owasp-esapi-java/source/detail?r=755 and found no 
differences (except test classes not present, of course).

I replaced the jar in trunk at r884781, R9.04 at r884783.








> In owasp-esapi-java, htmlCodec.decode is broken for all entities where 
> entity.substr(0, x) exists 
> --------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-3135
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-3135
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Patrick Antivackis
>            Assignee: Jacques Le Roux
>             Fix For: Release Branch 9.04, SVN trunk
>
>         Attachments: owasp-esapi-full-java-1.4.jar, patch-owasp-1.4.diff
>
>
> It's because HTMLEntityCodec.getNamedEntity stops at the first entity found,
> so it will never return &sup2 or &sup3 because &sup exists, nor &piv
> because &pi exists, nor any other entity where a shorter entity exists.
> See bug report:
> http://code.google.com/p/owasp-esapi-java/issues/detail?id=45
> Attached is a recompiled, patched version of the library based on
> owasp-esapi-java-src-1.4.zip 
> and a diff of src/org/owasp/esapi/codecs/HTMLEntityCodec.java

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
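
The prefix problem described in the report, as an added example that is not ESAPI source and not the attached patch: a first-match entity lookup beside a longest-match lookup, which is one possible correction (an assumption; the message does not show what the patch changes). The class, method names and five-entry entity table are hypothetical and constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; not ESAPI code. All names here are hypothetical.
public class EntityPrefixDemo {
    // Constructed subset of the HTML entity table, shorter names listed first.
    static final Map<String, Character> ENTITIES = new LinkedHashMap<>();
    static {
        ENTITIES.put("pi", '\u03C0');
        ENTITIES.put("piv", '\u03D6');
        ENTITIES.put("sup", '\u2283');
        ENTITIES.put("sup2", '\u00B2');
        ENTITIES.put("sup3", '\u00B3');
    }

    // Behaviour the report describes: stop at the first name that prefixes the input.
    static String firstMatch(String afterAmp) {
        for (String name : ENTITIES.keySet()) {
            if (afterAmp.startsWith(name)) return name;
        }
        return null;
    }

    // Longest-match lookup: scan every name and keep the longest one that fits.
    static String longestMatch(String afterAmp) {
        String best = null;
        for (String name : ENTITIES.keySet()) {
            if (afterAmp.startsWith(name) && (best == null || name.length() > best.length())) {
                best = name;
            }
        }
        return best;
    }

    // Decode the text following '&'; unknown names are passed through unchanged.
    static String decode(String afterAmp, boolean longest) {
        String name = longest ? longestMatch(afterAmp) : firstMatch(afterAmp);
        if (name == null) return "&" + afterAmp;
        String rest = afterAmp.substring(name.length());
        if (rest.startsWith(";")) rest = rest.substring(1); // consume the terminator
        return ENTITIES.get(name) + rest;
    }

    public static void main(String[] args) {
        for (String in : new String[] {"sup2;", "sup3;", "piv;", "pi;"}) {
            System.out.println("&" + in + "  first-match=" + decode(in, false)
                    + "  longest-match=" + decode(in, true));
        }
    }
}
```

With the first-match lookup, `&sup2;` decodes as the `&sup` character followed by a literal `2;`, so a filter that canonicalizes input with this decoder sees different text than a browser rendering the same entity.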
