This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 733d0e0a8a Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)
733d0e0a8a is described below

commit 733d0e0a8aeed9faf7ebd26be12178ba6987dd4f
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Tue Sep 13 13:16:22 2022 +0200

    Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)
    
    Forgot to update UtilCodecTests::testCheckStringForHtmlSafe.
    
    UtilCodec::checkStringForHtmlSafe now returns HTML entities for quotes 
(single
    or double)
---
 .../base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java 
b/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
index 2603bd191e..c93c6ad55a 100644
--- 
a/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
+++ 
b/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
@@ -101,7 +101,7 @@ public class UtilCodecTests {
         List<String> errorList = new ArrayList<>();
         String canonicalizedXssVector = 
UtilCodec.checkStringForHtmlSafe("fieldName", xssVector, errorList,
                 new Locale("test"), true); // labels are not available in 
testClasses Gradle task
-        assertEquals("<script>alert('XSS vector');</script>", 
canonicalizedXssVector);
+        assertEquals("<script>alert(&#39;XSS vector&#39;);</script>", 
canonicalizedXssVector);
         assertEquals(1, errorList.size());
         assertEquals("In field [fieldName] by our input policy, your input has 
not been accepted for security reason. "
                 + "Please check and modify accordingly, thanks.", 
errorList.get(0));
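Review bot: The updated assertion on the `+` line pins the encoding of single quotes only, while the commit description says double quotes are now encoded as well; nothing here checks that half, so a regression in `"` handling would pass this test. I would add a second vector in the same method, e.g. `String dqVector = "<script>alert(\"XSS vector\");</script>";`, run it through `UtilCodec.checkStringForHtmlSafe` the same way and assert the quotes come back as the entity the encoder actually emits (`&quot;` or `&#34;`), plus one more `errorList` entry. It is also worth a one-line comment above the assertion, such as `// only quotes are entity-encoded; the tags survive, the rejection is signalled via errorList`, because the expected value still contains a literal `<script>` element and a reader could otherwise take the returned string for a sanitized, emit-safe value. Whether callers use the return value or only the error list is not visible from this hunk, so that comment is the safer fix. The enclosing test method starts before this hunk.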
