This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push: new 733d0e0a8a Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691) 733d0e0a8a is described below commit 733d0e0a8aeed9faf7ebd26be12178ba6987dd4f Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Tue Sep 13 13:16:22 2022 +0200 Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691) Forgot to update UtilCodecTests::testCheckStringForHtmlSafe. UtilCodec::checkStringForHtmlSafe now returns HTML entities for quotes (single or double)
---
 .../base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java b/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
index 2603bd191e..c93c6ad55a 100644
--- a/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
+++ b/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
@@ -101,7 +101,7 @@ public class UtilCodecTests {
 List<String> errorList = new ArrayList<>();
 String canonicalizedXssVector = UtilCodec.checkStringForHtmlSafe("fieldName", xssVector, errorList, new Locale("test"), true); // labels are not available in testClasses Gradle task
- assertEquals("<script>alert('XSS vector');</script>", canonicalizedXssVector);
+ assertEquals("<script>alert('XSS vector');</script>", canonicalizedXssVector);
 assertEquals(1, errorList.size());
 assertEquals("In field [fieldName] by our input policy, your input has not been accepted for security reason. " + "Please check and modify accordingly, thanks.", errorList.get(0));
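Review bot: The updated `assertEquals` on `canonicalizedXssVector` appears to pin only one quote style, although the commit message says `checkStringForHtmlSafe` now returns HTML entities for both single and double quotes; a second assertion with a double-quoted payload would cover the other half of the change. A short comment above the assertion, e.g. `// quotes are returned as HTML entities; rejection is reported through errorList`, would also explain why the expected value still contains a script element. As rendered on this page the removed and added lines read identically, so the entity form seems to have been decoded in transit and the exact literal cannot be confirmed from here. The test method begins before this hunk and may continue after it.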