On 25/05/2019 at 11:01, Mathieu Lirzin wrote:
Hello,

Jacques Le Roux <jacques.le.r...@les7arts.com> writes:

On 25/05/2019 at 09:07, Jacques Le Roux wrote:
On 25/05/2019 at 08:54, Jacques Le Roux wrote:
You mean when run isolated, right?
OK, got it, it's a framework only issue

https://ci.apache.org/projects/ofbiz/logs/trunk/framework/html/

Looking at it...

Jacques
This is due to the simple quote in

subject="OFBiz - Your Request is received: '${custRequestName}' #CR${custRequestId}"/>

in OrderTypeData.xml

I have no idea yet why the CustomSafePolicy class (based on Slashdot policy) 
rejects it, seems weird to me.

It's also (even more) weird that when the plugins data are loaded the issue 
does not exist
Indeed this is weird, thanks for investigating!
This was a peculiar case that could be generalised to all escapable characters. The general solution is to compare the original value with the filtered value unescaped in UtilCodec::checkStringForHtmlSafe.
BTW, weirdly enough, StringEscapeUtils::escapeHtml4 does not escape the single quote.

Another weirdness is that the test was passing with plugins data loaded. This is due to duplicated demo data in scrumTypeData.xml (which is actually not only type data).

As ever the scrum component is a mess, that's not new and I always wonder if we should not get rid of it! I guess there are plenty of good tools outside...

Jacques
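
The comparison described in the last message, as an added Python sketch that is not OFBiz code: `sanitize` is a hypothetical stand-in for the policy-based sanitizer (assumed to drop tags outside a small allow-list and to entity-encode text, single quote included), and the two check function names are illustrative. It shows why a strict equality check rejects the subject line from the thread while the unescaped comparison accepts it and still rejects markup the policy removes.

```python
import html
import re

# Hypothetical stand-in for a policy-based HTML sanitizer (not the OFBiz or
# OWASP code): tags outside ALLOWED_TAGS are dropped, attributes are stripped,
# and all text is entity-encoded, single quote included.
ALLOWED_TAGS = {"b", "i", "p", "br"}
TAG_RE = re.compile(r"<(/?)([a-zA-Z][a-zA-Z0-9]*)([^<>]*)>")

def sanitize(value):
    out, pos = [], 0
    for m in TAG_RE.finditer(value):
        out.append(html.escape(value[pos:m.start()], quote=True))
        if m.group(2).lower() in ALLOWED_TAGS:
            out.append("<%s%s>" % (m.group(1), m.group(2).lower()))
        pos = m.end()
    out.append(html.escape(value[pos:], quote=True))
    return "".join(out)

def is_safe_strict(value):
    # Rejects any input the sanitizer rewrites, even a harmless re-encoding.
    return sanitize(value) == value

def is_safe_unescaped(value):
    # Approach from the thread: unescape the filtered value before comparing,
    # so only structural changes (removed tags or attributes) cause rejection.
    return html.unescape(sanitize(value)) == value

# Subject attribute quoted in the thread, plus constructed samples.
SUBJECT = "OFBiz - Your Request is received: '${custRequestName}' #CR${custRequestId}"
SAMPLES = [SUBJECT, "<b>bold</b> & 'quoted'", "<script>alert(1)</script>",
           '<b onclick="x()">hi</b>']

if __name__ == "__main__":
    for s in SAMPLES:
        print(is_safe_strict(s), is_safe_unescaped(s), repr(s))
```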
