[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17358120#comment-17358120 ]
Xin Wang commented on OFBIZ-12249:
----------------------------------

Hi Jacques,

Seems that the following example will be rejected by this new patch:
{quote}blah blah blah ... (see [http://example.com/a%20link]) ... {quote}
I think that for free-form text input widgets, it is really hard to guess what kind of text will be submitted. What we can do is output encoding, instead of input sanitization.

> Unexpected decoding of url encoded textarea data after submission
> ------------------------------------------------------------------
>
>                 Key: OFBIZ-12249
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12249
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: Trunk
>            Reporter: Xin Wang
>            Assignee: Jacques Le Roux
>            Priority: Major
>         Attachments: OFBIZ-12249.patch
>
>
> When trying to add a note to WorkEffort entity, I found that url encoded
> characters are unescaped, which is not expected.
> e.g.:
> 1. Go to page:
> https://demo-trunk.ofbiz.apache.org/workeffort/control/EditWorkEffortNotes?workEffortId=TASK01
> 2. Add a note with content: https://example.com/a%20link
> 3. After submission, it will turn out to be: https://example.com/a link
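The trade-off raised in the comment above, as an added example that is not part of the original message and is not OFBiz code: the same free-form notes are passed through an extra URL decode before storage, and separately stored verbatim and HTML-encoded only at render time. The class and method names (`NoteEncodingDemo`, `storeWithExtraDecode`, `storeVerbatim`, `encodeForHtml`) are hypothetical and the sample notes are constructed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class NoteEncodingDemo {
    // Hypothetical stand-in for the reported behaviour: the submitted text
    // is URL-decoded once more before it is stored (Java 10+ overload).
    static String storeWithExtraDecode(String submitted) {
        return URLDecoder.decode(submitted, StandardCharsets.UTF_8);
    }

    // Alternative: keep free-form text exactly as the user typed it.
    static String storeVerbatim(String submitted) {
        return submitted;
    }

    // Minimal HTML encoder applied at render time, not at input time.
    static String encodeForHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String[] notes = {                          // constructed sample inputs
            "see https://example.com/a%20link",     // the note from the issue
            "1+1=2 and 100% sure",                  // '+' and a bare '%'
            "escape < as %3C, e.g. <b>bold</b>"     // markup typed as text
        };
        for (String note : notes) {
            String decoded;
            try {
                decoded = storeWithExtraDecode(note);
            } catch (IllegalArgumentException e) {  // malformed %-escape
                decoded = "(rejected: " + e.getMessage() + ")";
            }
            System.out.println("submitted: " + note);
            System.out.println("decoded  : " + decoded);
            System.out.println("rendered : " + encodeForHtml(storeVerbatim(note)));
            System.out.println();
        }
    }
}
```

The decode path changes or rejects ordinary text (`%20`, `+`, a bare `%`), while the verbatim path preserves every note and neutralises the markup only when it is written into HTML.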