Author: jacopoc
Date: Mon Dec 29 09:24:46 2014
New Revision: 1648298
URL: http://svn.apache.org/r1648298
Log:
A series of cleanups to the integration with OWASP ESAPI. Isolated dependencies
on the external OWASP ESAPI jar into the StringUtil class.
Modified:
ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java
ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java
ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java
Modified:
ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java?rev=1648298&r1=1648297&r2=1648298&view=diff
==============================================================================
---
ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java
(original)
+++
ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java
Mon Dec 29 09:24:46 2014
@@ -39,7 +39,6 @@ import org.ofbiz.entity.Delegator;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.entity.util.EntityQuery;
import org.ofbiz.webapp.control.ContextFilter;
-import org.owasp.esapi.errors.EncodingException;
public class ContentUrlFilter extends ContextFilter {
public final static String module = ContentUrlFilter.class.getName();
@@ -118,14 +117,10 @@ public class ContentUrlFilter extends Co
.queryFirst();
if (contentAssocDataResource != null) {
url = contentAssocDataResource.getString("drObjectInfo");
- try {
- url = StringUtil.defaultWebEncoder.decodeFromURL(url);
- String mountPoint = request.getContextPath();
- if (!(mountPoint.equals("/")) && !(mountPoint.equals("")))
{
- url = mountPoint + url;
- }
- } catch (EncodingException e) {
- Debug.logError(e, module);
+ url = StringUtil.getDecoder("url").decode(url);
+ String mountPoint = request.getContextPath();
+ if (!(mountPoint.equals("/")) && !(mountPoint.equals(""))) {
+ url = mountPoint + url;
}
}
} catch (Exception e) {
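Review bot: The result of `StringUtil.getDecoder("url").decode(url)` is used without a null check, but the new `UrlEncoder.decode` logs and returns null on an `EncodingException`, so with a non-root context path `url = mountPoint + url` produces a path ending in the literal text `null`. The removed try/catch skipped the mount-point rewrite in that case. Decode into a local and guard it, for example `String decoded = StringUtil.getDecoder("url").decode(url);` followed by `if (decoded != null) { url = decoded; ... }`; which fallback is right depends on code outside this hunk. The same unchecked null appears in the UtilHttp hunk at -791 (`buf.append(...encode(name))` and `encode(valueStr)` would append "null"), in RequestHandler (`encode(value)` is appended unchecked although `encodedName` is checked), and in OfbizContentTransform, where `requestUrl` is now overwritten with null instead of keeping its original value.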
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java?rev=1648298&r1=1648297&r2=1648298&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java
(original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java Mon Dec
29 09:24:46 2014
@@ -36,14 +36,12 @@ import java.util.regex.Pattern;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.ofbiz.base.lang.Appender;
-import org.owasp.esapi.ValidationErrorList;
-import org.owasp.esapi.Validator;
import org.owasp.esapi.codecs.Codec;
import org.owasp.esapi.codecs.HTMLEntityCodec;
import org.owasp.esapi.codecs.PercentCodec;
+import org.owasp.esapi.errors.EncodingException;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.reference.DefaultEncoder;
-import org.owasp.esapi.reference.DefaultValidator;
/**
* Misc String Utility Functions
@@ -56,15 +54,11 @@ public class StringUtil {
// FIXME: Not thread safe
protected static final Map<String, Pattern> substitutionPatternMap;
- /** OWASP ESAPI canonicalize strict flag; setting false so we only get
warnings about double encoding, etc; can be set to true for exceptions and more
security */
- public static final boolean esapiCanonicalizeStrict = false;
- public static final DefaultEncoder defaultWebEncoder;
- public static final Validator defaultWebValidator;
+ private static final DefaultEncoder defaultWebEncoder;
static {
// possible codecs: CSSCodec, HTMLEntityCodec, JavaScriptCodec,
MySQLCodec, OracleCodec, PercentCodec, UnixCodec, VBScriptCodec, WindowsCodec
List<Codec> codecList = Arrays.asList(new HTMLEntityCodec(), new
PercentCodec());
defaultWebEncoder = new DefaultEncoder(codecList);
- defaultWebValidator = new DefaultValidator();
substitutionPatternMap = new HashMap<String, Pattern>();
substitutionPatternMap.put("&&", Pattern.compile("@and",
Pattern.LITERAL));
substitutionPatternMap.put("||", Pattern.compile("@or",
Pattern.LITERAL));
@@ -74,9 +68,10 @@ public class StringUtil {
substitutionPatternMap.put(">", Pattern.compile("@gt",
Pattern.LITERAL));
}
- public static final SimpleEncoder htmlEncoder = new HtmlEncoder();
- public static final SimpleEncoder xmlEncoder = new XmlEncoder();
- public static final SimpleEncoder stringEncoder = new StringEncoder();
+ private static final HtmlEncoder htmlEncoder = new HtmlEncoder();
+ private static final XmlEncoder xmlEncoder = new XmlEncoder();
+ private static final StringEncoder stringEncoder = new StringEncoder();
+ private static final UrlEncoder urlEncoder = new UrlEncoder();
private StringUtil() {
}
@@ -85,6 +80,10 @@ public class StringUtil {
public String encode(String original);
}
+ public static interface SimpleDecoder {
+ public String decode(String original);
+ }
+
public static class HtmlEncoder implements SimpleEncoder {
public String encode(String original) {
return StringUtil.defaultWebEncoder.encodeForHTML(original);
@@ -97,6 +96,26 @@ public class StringUtil {
}
}
+ public static class UrlEncoder implements SimpleEncoder, SimpleDecoder {
+ public String encode(String original) {
+ try {
+ return StringUtil.defaultWebEncoder.encodeForURL(original);
+ } catch (EncodingException ee) {
+ Debug.logError(ee, module);
+ return null;
+ }
+ }
+
+ public String decode(String original) {
+ try {
+ return StringUtil.defaultWebEncoder.decodeFromURL(original);
+ } catch (EncodingException ee) {
+ Debug.logError(ee, module);
+ return null;
+ }
+ }
+ }
+
public static class StringEncoder implements SimpleEncoder {
public String encode(String original) {
if (original != null) {
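Review bot: `UrlEncoder.encode` and `UrlEncoder.decode` turn an `EncodingException` into a null return, and neither the class nor the new `SimpleDecoder` interface documents that contract. Callers that previously had to handle a checked exception now get no compiler hint that failure is possible. Suggest Javadoc on both methods along the lines of `/** @return the URL-decoded string, or null if decoding fails (the error is logged) */`, and a matching sentence on `SimpleDecoder.decode`. The `StringEncoder` body that follows continues outside this hunk.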
@@ -109,7 +128,9 @@ public class StringUtil {
// ================== Begin General Functions ==================
public static SimpleEncoder getEncoder(String type) {
- if ("xml".equals(type)) {
+ if ("url".equals(type)) {
+ return StringUtil.urlEncoder;
+ } else if ("xml".equals(type)) {
return StringUtil.xmlEncoder;
} else if ("html".equals(type)) {
return StringUtil.htmlEncoder;
@@ -120,6 +141,14 @@ public class StringUtil {
}
}
+ public static SimpleDecoder getDecoder(String type) {
+ if ("url".equals(type)) {
+ return StringUtil.urlEncoder;
+ } else {
+ return null;
+ }
+ }
+
public static String internString(String value) {
return value != null ? value.intern() : null;
}
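Review bot: `getDecoder` returns null for any type other than "url", while every call site in this commit dereferences the result immediately (`StringUtil.getDecoder("url").decode(...)`), so a mistyped key surfaces as a NullPointerException far from its cause. Either document the null return in Javadoc, e.g. `/** @return the decoder for the given type ("url"), or null if the type is unknown */`, or fail at the lookup with `throw new IllegalArgumentException("Unknown decoder type: " + type);`. Whichever is chosen should match what `getEncoder` does for an unknown type; its fall-through branch is outside this hunk.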
@@ -594,6 +623,13 @@ public class StringUtil {
return result;
}
+ public static String canonicalize(String value) throws IntrusionException {
+ return defaultWebEncoder.canonicalize(value);
+ }
+
+ public static String canonicalize(String value, boolean strict) throws
IntrusionException {
+ return defaultWebEncoder.canonicalize(value, strict);
+ }
/**
* Uses a black-list approach for necessary characters for HTML.
* Does not allow various characters (after canonicalization), including
"<", ">", "&" (if not followed by a space), and "%" (if not followed by a
space).
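Review bot: The two new public `canonicalize` overloads have no Javadoc, and this commit removes the `esapiCanonicalizeStrict` constant whose comment was the only explanation of the strict flag in this class. Suggest on the two-argument overload something like `/** Canonicalizes value with the shared ESAPI encoder; strict=true throws IntrusionException on mixed or double encoding, strict=false only logs a warning. */`. The one-argument overload should state which mode it runs in, since that is decided inside ESAPI and cannot be read from this file. A blank line is also missing between the second overload and the `/**` block that follows it.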
@@ -606,7 +642,7 @@ public class StringUtil {
// canonicalize, strict (error on double-encoding)
try {
- value = defaultWebEncoder.canonicalize(value, true);
+ value = canonicalize(value, true);
} catch (IntrusionException e) {
// NOTE: using different log and user targeted error messages to
allow the end-user message to be less technical
Debug.logError("Canonicalization (format consistency, character
escaping that is mixed or double, etc) error for attribute named [" + valueName
+ "], String [" + value + "]: " + e.toString(), module);
@@ -651,21 +687,6 @@ public class StringUtil {
return value;
}
- /**
- * Uses a white-list approach to check for safe HTML.
- * Based on the ESAPI validator configured in the antisamy-esapi.xml file.
- *
- * @param value
- * @param errorMessageList
- * @return String with updated value if needed for safer HTML.
- */
- public static String checkStringForHtmlSafeOnly(String valueName, String
value, List<String> errorMessageList) {
- ValidationErrorList vel = new ValidationErrorList();
- value = defaultWebValidator.getValidSafeHTML(valueName, value,
Integer.MAX_VALUE, true, vel);
- errorMessageList.addAll(UtilGenerics.checkList(vel.errors(),
String.class));
- return value;
- }
-
/**
* Remove/collapse multiple newline characters
*
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=1648298&r1=1648297&r2=1648298&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java Mon Dec 29
09:24:46 2014
@@ -53,8 +53,6 @@ import org.apache.oro.text.regex.Malform
import org.apache.oro.text.regex.Pattern;
import org.apache.oro.text.regex.PatternMatcher;
import org.apache.oro.text.regex.Perl5Matcher;
-import org.owasp.esapi.errors.EncodingException;
-import org.owasp.esapi.errors.IntrusionException;
import com.ibm.icu.util.Calendar;
@@ -251,10 +249,11 @@ public class UtilHttp {
public static String canonicalizeParameter(String paramValue) {
try {
- String cannedStr =
StringUtil.defaultWebEncoder.canonicalize(paramValue,
StringUtil.esapiCanonicalizeStrict);
+ /** calling canonicalize with strict flag set to false so we only
get warnings about double encoding, etc; can be set to true for exceptions and
more security */
+ String cannedStr = StringUtil.canonicalize(paramValue, false);
if (Debug.verboseOn()) Debug.logVerbose("Canonicalized parameter
with " + (cannedStr.equals(paramValue) ? "no " : "") + "change: original [" +
paramValue + "] canned [" + cannedStr + "]", module);
return cannedStr;
- } catch (IntrusionException e) {
+ } catch (Exception e) {
Debug.logError(e, "Error in canonicalize parameter value [" +
paramValue + "]: " + e.toString(), module);
return paramValue;
}
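Review bot: The widened `catch (Exception e)` in `canonicalizeParameter` returns the raw `paramValue` for any failure, so the method now fails open on more than ESAPI's intrusion detection. Callers cannot tell a canonicalized value from one that was rejected. If returning the original is intended, say so where it happens, e.g. `// fail open: on any error the un-canonicalized value is returned to the caller`. The explanatory comment above the call should be a plain `//` comment, because `/** ... */` inside a method body is not treated as Javadoc. The error log line also writes the raw parameter value, which may be worth truncating or encoding before it reaches the log.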
@@ -791,22 +790,14 @@ public class UtilHttp {
buf.append("&");
}
}
- try {
-
buf.append(StringUtil.defaultWebEncoder.encodeForURL(name));
- } catch (EncodingException e) {
- Debug.logError(e, module);
- }
+ buf.append(StringUtil.getEncoder("url").encode(name));
/* the old way: try {
buf.append(URLEncoder.encode(name, "UTF-8"));
} catch (UnsupportedEncodingException e) {
Debug.logError(e, module);
} */
buf.append('=');
- try {
-
buf.append(StringUtil.defaultWebEncoder.encodeForURL(valueStr));
- } catch (EncodingException e) {
- Debug.logError(e, module);
- }
+
buf.append(StringUtil.getEncoder("url").encode(valueStr));
/* the old way: try {
buf.append(URLEncoder.encode(valueStr, "UTF-8"));
} catch (UnsupportedEncodingException e) {
Modified:
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java?rev=1648298&r1=1648297&r2=1648298&view=diff
==============================================================================
---
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java
(original)
+++
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java
Mon Dec 29 09:24:46 2014
@@ -303,9 +303,6 @@ public class StringUtilTests extends Gen
checkStringForHtmlStrictNone_test("double-encoding", "%2%353Cscript",
"%2%353Cscript", "In field [double-encoding] found character escaping (mixed or
double) that is not allowed or other format consistency error:
org.owasp.esapi.errors.IntrusionException: Input validation failure");
}
- public void testCheckStringForHtmlSafeOnly() {
- }
-
public void testCollapseNewlines() {
}
Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java?rev=1648298&r1=1648297&r2=1648298&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java
(original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java Mon
Dec 29 09:24:46 2014
@@ -64,7 +64,6 @@ import org.ofbiz.service.ModelService;
import org.ofbiz.service.ServiceSynchronization;
import org.ofbiz.service.ServiceUtil;
import org.ofbiz.service.mail.MimeMessageWrapper;
-import org.owasp.esapi.errors.EncodingException;
/**
* Common Services
@@ -539,17 +538,15 @@ public class CommonServices {
}
public static Map<String, Object> resetMetric(DispatchContext dctx,
Map<String, ?> context) {
- String name = (String) context.get("name");
- try {
- name = StringUtil.defaultWebEncoder.decodeFromURL(name);
- } catch (EncodingException e) {
- return ServiceUtil.returnError("Exception thrown while decoding
metric name \"" + name + "\"");
+ String originalName = (String) context.get("name");
+ String name = StringUtil.getDecoder("url").decode(originalName);
+ if (name == null) {
+ return ServiceUtil.returnError("Exception thrown while decoding
metric name \"" + originalName + "\"");
}
Metrics metric = MetricsFactory.getMetric(name);
if (metric != null) {
metric.reset();
return ServiceUtil.returnSuccess();
-
}
return ServiceUtil.returnError("Metric \"" + name + "\" not found.");
}
Modified:
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1648298&r1=1648297&r2=1648298&view=diff
==============================================================================
---
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
(original)
+++
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
Mon Dec 29 09:24:46 2014
@@ -62,7 +62,6 @@ import org.ofbiz.webapp.view.ViewHandler
import org.ofbiz.webapp.view.ViewHandlerException;
import org.ofbiz.webapp.website.WebSiteProperties;
import org.ofbiz.webapp.website.WebSiteWorker;
-import org.owasp.esapi.errors.EncodingException;
import org.python.modules.re;
/**
@@ -1116,13 +1115,11 @@ public class RequestHandler {
if (queryString.length() > 1) {
queryString.append("&");
}
-
- try {
-
queryString.append(StringUtil.defaultWebEncoder.encodeForURL(name));
+ String encodedName = StringUtil.getEncoder("url").encode(name);
+ if (encodedName != null) {
+ queryString.append(encodedName);
queryString.append("=");
-
queryString.append(StringUtil.defaultWebEncoder.encodeForURL(value));
- } catch (EncodingException e) {
- Debug.logError(e, module);
+ queryString.append(StringUtil.getEncoder("url").encode(value));
}
}
}
Modified:
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java?rev=1648298&r1=1648297&r2=1648298&view=diff
==============================================================================
---
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java
(original)
+++
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java
Mon Dec 29 09:24:46 2014
@@ -28,7 +28,6 @@ import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.StringUtil;
import org.ofbiz.base.util.UtilValidate;
import org.ofbiz.webapp.taglib.ContentUrlTag;
-import org.owasp.esapi.errors.EncodingException;
import freemarker.core.Environment;
import freemarker.ext.beans.BeanModel;
@@ -93,11 +92,7 @@ public class OfbizContentTransform imple
return;
}
- try {
- requestUrl =
StringUtil.defaultWebEncoder.decodeFromURL(requestUrl);
- } catch (EncodingException e) {
- Debug.logError(e, module);
- }
+ requestUrl =
StringUtil.getDecoder("url").decode(requestUrl);
// make the link
StringBuilder newURL = new StringBuilder();
Modified:
ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java?rev=1648298&r1=1648297&r2=1648298&view=diff
==============================================================================
---
ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java
(original)
+++
ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java
Mon Dec 29 09:24:46 2014
@@ -40,7 +40,6 @@ import org.ofbiz.base.util.GeneralExcept
import org.ofbiz.base.util.StringUtil;
import org.ofbiz.base.util.UtilValidate;
import org.ofbiz.base.util.UtilXml;
-import org.owasp.esapi.errors.EncodingException;
import org.w3c.dom.Comment;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -103,7 +102,7 @@ public class LabelManagerFactory {
}
}
- public void findMatchingLabels(String component, String fileName, String
key, String locale) throws MalformedURLException, SAXException,
ParserConfigurationException, IOException, EncodingException, GeneralException {
+ public void findMatchingLabels(String component, String fileName, String
key, String locale) throws MalformedURLException, SAXException,
ParserConfigurationException, IOException, GeneralException {
if (UtilValidate.isEmpty(component) && UtilValidate.isEmpty(fileName)
&& UtilValidate.isEmpty(key) && UtilValidate.isEmpty(locale)) {
// Important! Don't allow unparameterized queries - doing so will
result in loading the entire project into memory
return;
@@ -124,7 +123,7 @@ public class LabelManagerFactory {
for (Node propertyNode :
UtilXml.childNodeList(resourceElem.getFirstChild())) {
if (propertyNode instanceof Element) {
Element propertyElem = (Element) propertyNode;
- String labelKey =
StringUtil.defaultWebEncoder.canonicalize(propertyElem.getAttribute("key"));
+ String labelKey =
StringUtil.canonicalize(propertyElem.getAttribute("key"));
String labelComment = "";
for (Node valueNode :
UtilXml.childNodeList(propertyElem.getFirstChild())) {
if (valueNode instanceof Element) {
@@ -135,7 +134,7 @@ public class LabelManagerFactory {
if( localeName.contains("_")) {
localeName = localeName.replace('_', '-');
}
- String labelValue =
StringUtil.defaultWebEncoder.canonicalize(UtilXml.nodeValue(valueElem.getFirstChild()));
+ String labelValue =
StringUtil.canonicalize(UtilXml.nodeValue(valueElem.getFirstChild()));
LabelInfo label = labels.get(labelKey +
keySeparator + fileInfo.getFileName());
if (UtilValidate.isEmpty(label)) {
@@ -149,12 +148,12 @@ public class LabelManagerFactory {
localesFound.add(localeName);
labelComment = "";
} else if (valueNode instanceof Comment) {
- labelComment = labelComment +
StringUtil.defaultWebEncoder.canonicalize(valueNode.getNodeValue());
+ labelComment = labelComment +
StringUtil.canonicalize(valueNode.getNodeValue());
}
}
labelKeyComment = "";
} else if (propertyNode instanceof Comment) {
- labelKeyComment = labelKeyComment +
StringUtil.defaultWebEncoder.canonicalize(propertyNode.getNodeValue());
+ labelKeyComment = labelKeyComment +
StringUtil.canonicalize(propertyNode.getNodeValue());
}
}
}
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java?rev=1648298&r1=1648297&r2=1648298&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
(original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java Mon Dec
29 09:24:46 2014
@@ -71,7 +71,7 @@ public class WidgetWorker {
// We may get an encoded request like:
/projectmgr/control/EditTaskContents?workEffortId=10003
// Try to reducing a possibly encoded string down to its simplest
form: /projectmgr/control/EditTaskContents?workEffortId=10003
// This step make sure the following appending externalLoginKey
operation to work correctly
- localRequestName =
StringUtil.defaultWebEncoder.canonicalize(localRequestName);
+ localRequestName = StringUtil.canonicalize(localRequestName);
Appendable localWriter = new StringWriter();
if ("intra-app".equals(targetType)) {
@@ -300,7 +300,7 @@ public class WidgetWorker {
writer.append("<input name=\"");
writer.append(parameter.getKey());
writer.append("\" value=\"");
-
writer.append(StringUtil.htmlEncoder.encode(parameter.getValue()));
+
writer.append(StringUtil.getEncoder("html").encode(parameter.getValue()));
writer.append("\" type=\"hidden\"/>");
}
}
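Review bot: `parameter.getKey()` is written into the `name="..."` attribute without encoding, while the value on the line touched here goes through the HTML encoder. If parameter keys can carry request-derived text (not visible from this hunk), a key containing a double quote would break out of the attribute. Since this line is being edited anyway, consider `writer.append(StringUtil.getEncoder("html").encode(parameter.getKey()));` for the key as well. The enclosing loop and method start outside the hunk.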
Modified:
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java?rev=1648298&r1=1648297&r2=1648298&view=diff
==============================================================================
---
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java
(original)
+++
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java
Mon Dec 29 09:24:46 2014
@@ -3088,7 +3088,7 @@ public final class MacroFormRenderer imp
parameters.append(parameter.getName());
parameters.append("'");
parameters.append(",'value':'");
-
parameters.append(StringUtil.htmlEncoder.encode(parameter.getValue(context)));
+
parameters.append(StringUtil.getEncoder("html").encode(parameter.getValue(context)));
parameters.append("'}");
}
parameters.append("]");
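Review bot: The value is HTML-entity encoded but is placed inside a single-quoted string of a JavaScript-style object literal (`,'value':'` ... `'}`), and `parameter.getName()` just above is appended with no encoding at all. Whether this string ends up in an HTML attribute, a script block or both is not visible from the hunk, so the encoder should be chosen by the final output context. If it is evaluated as script, a JavaScript encoder (ESAPI offers `encodeForJavaScript`) would be the matching one, and the name needs the same treatment. At minimum add a comment stating the intended context, e.g. `// value is rendered inside an HTML attribute by the macro, hence HTML encoding`, once that is confirmed.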
Modified:
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java?rev=1648298&r1=1648297&r2=1648298&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java
(original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java
Mon Dec 29 09:24:46 2014
@@ -88,7 +88,7 @@ public class HtmlWidget extends ModelScr
}
@Override
public String getAsString() {
- return StringUtil.htmlEncoder.encode(super.getAsString());
+ return StringUtil.getEncoder("html").encode(super.getAsString());
}
}
@@ -100,7 +100,7 @@ public class HtmlWidget extends ModelScr
@Override
public String getAsString() {
- return StringUtil.htmlEncoder.encode(super.getAsString());
+ return StringUtil.getEncoder("html").encode(super.getAsString());
}
}