Re: Encoding issues with product names

2020-10-01 Thread Jacques Le Roux
On 01/10/2020 at 08:42, Jacques Le Roux wrote: by alert('xss') This has been inadvertently copied there (actually copied from the HTML browser source page when copying alert('xss'), I'm a lazy type-writer)

Re: Encoding issues with product names

2020-10-01 Thread Jacques Le Roux
Hi Mridul, Maybe I'm missing what you mean, because everywhere, not only in ShoppingCartItem.java, "html" encoding is used, not "string" encoding. Again, the reason is to prevent XSS attacks. I understand that you suggest that, e.g.: String productName =

Re: Encoding issues with product names

2020-09-28 Thread Mridul Pathak
Hi Amit, I agree with Jacques. Though I see that in the shopping cart implementation, when copying the product name to the order item name, it uses string encoding vs. html encoding, I think this could be fixed to use html encoding for the product/item name like it's done for the product/item description in the same

Re: Encoding issues with product names

2020-09-28 Thread Jacques Le Roux
Hi Amit, It's better to encode to prevent XSS. Then of course we need to decode when showing those values. Actually, in this case it's automatically encoded by Freemarker, as explained in this old but still good reference: https://ofbiz.markmail.org/thread/e2iznsqhhxxdplxh So we can do the

Encoding issues with product names

2020-09-26 Thread Amit Gadaley
Hello All, Recently, while working for a client, I encountered a weird issue related to special character encodings. We have product names containing special characters like ' (apostrophes). When we create orders for them, an encoded value is stored in OrderItem.itemDescription. The same encoded