StringEscapeUtils.escapeJavaScript() method did not escape '/' into '\/', it 
will make IE render page incorrectly
------------------------------------------------------------------------------------------------------------------

                 Key: LANG-363
                 URL: https://issues.apache.org/jira/browse/LANG-363
             Project: Commons Lang
          Issue Type: Bug
    Affects Versions: 2.3
         Environment: JDK1.5 + commons-lang-2.3.jar + IE 6.0
            Reporter: Situ Chenghao
            Priority: Minor


If JavaScript includes '/', IE will parse the scripts incorrectly; actually 
'/' should be escaped to '\/'.
For example, this expression will make IE render the page incorrectly:
  document.getElementById("test").value = '<script>alert(\'aaa\');</script>';
It should be:
  document.getElementById("test").value = '<script>alert(\'aaa\');<\/script>';

Btw, Spring's JavaScriptEscape behavior is correct.
Try running the code below, and you will find the difference:
  public class EscapeCompare {
    public static void main(String[] args) {
      // Same input through both escapers; only the handling of '/' differs.
      String s = "<script>alert('aaa');</script>";
      String str = org.springframework.web.util.JavaScriptUtils.javaScriptEscape(s);
      System.out.println("Spring JS Escape : " + str);
      str = org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(s);
      System.out.println("Apache Common Lang JS Escape : " + str);
    }
  }

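The behaviour reported above, as an added example that is not part of the original report and is not Commons Lang or Spring code: a minimal escaper for a string written into a JavaScript literal inside an inline <script> block, run with and without '/' escaping. The class and method names (InlineScriptEscape, escape, closesScriptBlock) are hypothetical, and the end-tag check is a simple substring test.

```java
import java.util.Locale;

// Added illustration; all names here are hypothetical, not library code.
public class InlineScriptEscape {

    /** Escapes a value for a quoted JS string literal placed in an inline script block. */
    static String escape(String s, boolean escapeSlash) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '\\': out.append("\\\\"); break;
                case '\'': out.append("\\'");  break;
                case '"':  out.append("\\\""); break;
                case '\n': out.append("\\n");  break;
                case '\r': out.append("\\r");  break;
                case '/':
                    // "\/" evaluates to "/" in JavaScript, but the HTML parser
                    // no longer finds the "</script" end-tag sequence.
                    out.append(escapeSlash ? "\\/" : "/");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /** True if the text contains the sequence that ends a script element in HTML. */
    static boolean closesScriptBlock(String scriptText) {
        return scriptText.toLowerCase(Locale.ROOT).contains("</script");
    }

    public static void main(String[] args) {
        String s = "<script>alert('aaa');</script>"; // value from the report
        for (boolean escapeSlash : new boolean[] {false, true}) {
            String stmt = "document.getElementById(\"test\").value = '"
                    + escape(s, escapeSlash) + "';";
            System.out.println(stmt);
            System.out.println("  ends script block early: " + closesScriptBlock(stmt));
        }
    }
}
```

The HTML parser looks for the script end tag before the JavaScript engine sees the text, which is why a value that is correctly quoted for JavaScript can still cut the script block short.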