[
https://issues.apache.org/jira/browse/OFBIZ-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacopo Cappellato closed OFBIZ-1067.
------------------------------------
Resolution: Fixed
A bigger patch (including the one from Vinay) is in rev. 583091
> Form Widget values are not always escaped for html special characters
> ---------------------------------------------------------------------
>
> Key: OFBIZ-1067
> URL: https://issues.apache.org/jira/browse/OFBIZ-1067
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk, Release Branch 4.0
> Environment: All
> Reporter: Vinay Agarwal
> Assignee: Jacopo Cappellato
> Priority: Minor
> Fix For: SVN trunk, Release Branch 4.0
>
> Attachments: ofbizFormsHtmlEscape.patch
>
>
> Value in hidden fields isn't escaped for html characters (<,> etc.) which are
> present if the ElectronicText has formatting.
> I used StringEscapeUtils.escapeHtml of
> org.apache.commons.lang.StringEscapeUtils class that has html escape and
> other similar utilities. Text fields were already escaped with a own escape
> function which I replaced with this function. I also escaped file field.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
