Oops, I note the code is escapeXML(escapeHTML), not
escapeHTML(escapeHTML). Still checking...
Glen
On 08/19/2014 09:52 PM, Glen Mazza wrote:
Hi Dave, do you know why
StringEscapeUtils.escapeXml(Utilities.escapeHTML(query)); is not
just coded as Utilities.escapeHTML(query); ?
On the
OK, I changed the code to:
    public String getTerm() {
        String query = searchRequest.getQuery();
        return (query == null)
            ? "" : StringEscapeUtils.escapeXml10(query);
    }
in SearchResultsModel, the double-escaping problem has gone away. The
escapeXML method is
Hi Dave, do you know why
StringEscapeUtils.escapeXml(Utilities.escapeHTML(query)); is not just
coded as Utilities.escapeHTML(query); ?
On the basic theme search, if I do a search on "home run" (with quotes),
the search field gets repopulated as &quot;home run&quot;, if I search
again, another
Glen,
When I do a search containing an ampersand, Roller does not show correctly
the returned text.
eg
b&z
actually returns: b&amp;amp;z
which renders as b&amp;z
It should return b&amp;z with no second ampersand for it to render
correctly.
Checking the method getTerm() it does a double
Hi Greg, that was done by Dave as part of this commit last August 13th:
http://svn.apache.org/viewvc?view=revisionrevision=151, which *may*
have been part of the XSS security release Dave did the following
November: http://rollerweblogger.org/project/entry/apache_roller_5_0_2.
It may have