[jira] [Commented] (OFBIZ-5847) If define the & and combine with "part" that encode to ∂

Leon (JIRA) Thu, 29 Jan 2015 18:24:57 -0800

    [ 
https://issues.apache.org/jira/browse/OFBIZ-5847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14298110#comment-14298110
 ]


Leon commented on OFBIZ-5847:
-----------------------------

Hi, Jacques, 

I have test it with new ESAPI (2.1), but the problem still occurs.

Seems ESAPI treats the html entity without trailing semicolon same as with that.

See 
http://owasp-esapi-java.googlecode.com/svn/trunk_doc/1.4.4/org/owasp/esapi/reference/DefaultEncoder.html#canonicalize(java.lang.String,
 it's doc for 1.4.4, however the related source does not change more in new 
release. There's a note like "Note that all of these formats may possibly 
render properly in a browser without the trailing semicolon."

> If define the &amp; and combine with "part" that encode to ∂
> ------------------------------------------------------------
>
>                 Key: OFBIZ-5847
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5847
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL APPLICATIONS
>    Affects Versions: Trunk
>            Reporter: Supachai Chaima-ngua
>            Assignee: Nicolas Malin
>              Labels: encode, url
>             Fix For: Trunk, 12.04.06, 13.07.02
>
>         Attachments: OFBIZ-5847.patch, OFBiz  WorkEffort Manager  Calendar.png
>
>
> XML widget problems: If define the &amp; and combine with "part" that encode 
> to ∂
> Example >>>
> BEFORE: viewprofile?status=Y&amp;partyId=Demo
> AFTER: viewprofile?status=Y∂yId=Demo



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (OFBIZ-5847) If define the & and combine with "part" that encode to ∂

Reply via email to