In owasp-esapi-java, htmlCodec.decode is broken for all entities where entity.substr(0, x) exists
--------------------------------------------------------------------------------------------------
Key: OFBIZ-3135
URL: https://issues.apache.org/jira/browse/OFBIZ-3135
Project: OFBiz
Issue Type: Bug
Components: framework
Affects Versions: SVN trunk
Reporter: Patrick Antivackis

It's because HTMLEntityCodec.getNamedEntity stops at the first entity found, so it will never return ² or ³ because &sup exists, nor &piv because &pi exists, nor any other entity where a shorter entity exists.

See bug report: http://code.google.com/p/owasp-esapi-java/issues/detail?id=45

Attached is a recompiled, patched version of the library based on owasp-esapi-java-src-1.4.zip and a diff of src/org/owasp/esapi/codecs/HTMLEntityCodec.java
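The lookup behaviour described in the report, next to a longest-match variant, as an added example that is not ESAPI's code and not the attached patch. The class name, the method names and the four-entry entity table are constructed for illustration; input is the text following the `&`.

```java
import java.util.Map;

public class EntityLookupDemo {
    // Constructed subset of the HTML named-entity table (names without '&' and ';').
    static final Map<String, Character> ENTITIES = Map.of(
        "sup",  '\u2283',   // superset of
        "sup2", '\u00B2',   // superscript two
        "pi",   '\u03C0',   // Greek small letter pi
        "piv",  '\u03D6');  // Greek pi symbol

    // Reported behaviour: grow the candidate name one character at a time and
    // return on the first hit, so "sup" shadows "sup2" and "pi" shadows "piv".
    static Character firstMatch(String input) {
        StringBuilder name = new StringBuilder();
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            if (!Character.isLetterOrDigit(c)) break;   // ';' or any other terminator
            name.append(c);
            Character hit = ENTITIES.get(name.toString());
            if (hit != null) return hit;
        }
        return null;
    }

    // Longest match: keep scanning to the terminator and remember the last hit.
    static Character longestMatch(String input) {
        Character best = null;
        StringBuilder name = new StringBuilder();
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            if (!Character.isLetterOrDigit(c)) break;
            name.append(c);
            Character hit = ENTITIES.get(name.toString());
            if (hit != null) best = hit;
        }
        return best;
    }

    static String show(Character c) {
        return c == null ? "none" : String.format("U+%04X", (int) c.charValue());
    }

    public static void main(String[] args) {
        for (String s : new String[] {"sup2;", "piv;", "sup;", "pi;"}) {
            System.out.printf("&%-6s first=%s longest=%s%n", s, show(firstMatch(s)), show(longestMatch(s)));
        }
    }
}
```

Where the two columns differ, a decoder using the first-match lookup yields a different character than a browser would for the same input, so any validation applied to the decoded value is checking the wrong data.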