Form Widget values are not always escaped for html special characters
---------------------------------------------------------------------
Key: OFBIZ-1067
URL: https://issues.apache.org/jira/browse/OFBIZ-1067
Project: OFBiz
Issue Type: Bug
Components: framework
Affects Versions: SVN trunk, Release Branch 4.0
Environment: All
Reporter: Vinay Agarwal
Priority: Minor
Fix For: SVN trunk, Release Branch 4.0
Attachments: ofbizFormsHtmlEscape.patch
The value in hidden fields isn't escaped for HTML characters (<, >, etc.), which are
present if the ElectronicText has formatting.
I used StringEscapeUtils.escapeHtml of the
org.apache.commons.lang.StringEscapeUtils class, which has HTML escape and other
similar utilities. Text fields were already escaped with their own escape function,
which I replaced with this function. I also escaped the file field.
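
An added illustration of the problem described above; it is not the attached patch and not OFBiz code. The class, the method names and the sample text are hypothetical, and it assumes Commons Lang 2.x is on the classpath.

```java
import org.apache.commons.lang.StringEscapeUtils;

public class HiddenFieldEscapeDemo {

    // Hypothetical stand-in for a hidden-field renderer that writes the value as-is.
    static String renderHiddenUnescaped(String name, String value) {
        return "<input type=\"hidden\" name=\"" + name + "\" value=\"" + value + "\"/>";
    }

    // Same renderer with the value (and name) passed through escapeHtml.
    // escapeHtml encodes &, <, > and " as entities but not the apostrophe,
    // so the attribute must stay double-quoted.
    static String renderHiddenEscaped(String name, String value) {
        String safeName = StringEscapeUtils.escapeHtml(name);
        String safeValue = value == null ? "" : StringEscapeUtils.escapeHtml(value);
        return "<input type=\"hidden\" name=\"" + safeName + "\" value=\"" + safeValue + "\"/>";
    }

    // Approximates what an HTML parser takes as the value attribute:
    // everything up to the next double quote, with entities decoded.
    static String valueAsParsed(String html) {
        String marker = "value=\"";
        int start = html.indexOf(marker) + marker.length();
        int end = html.indexOf('"', start);
        return StringEscapeUtils.unescapeHtml(html.substring(start, end));
    }

    public static void main(String[] args) {
        // Constructed sample: formatted text of the kind an ElectronicText record may hold.
        String text = "<b>Sale</b> on \"Widget\" & more";

        String raw = renderHiddenUnescaped("textData", text);
        String escaped = renderHiddenEscaped("textData", text);

        System.out.println("unescaped markup: " + raw);
        System.out.println("escaped markup:   " + escaped);

        // Without escaping, the first quote inside the text closes the attribute,
        // so the submitted value is truncated and the rest becomes stray markup.
        System.out.println("unescaped round-trips: " + text.equals(valueAsParsed(raw)));
        // With escaping, the browser decodes the entities and submits the original text.
        System.out.println("escaped round-trips:   " + text.equals(valueAsParsed(escaped)));
    }
}
```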