[ https://issues.apache.org/jira/browse/OFBIZ-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12776615#action_12776615 ]
Patrick Antivackis commented on OFBIZ-3135:
-------------------------------------------
Yes, the patch in the trunk is good (better than mine, as I missed one specific
case), but I have not yet integrated it into the 1.4 version. Is there any
recommendation on the JDK I should use to recreate the jar once I have backported
the patch to 1.4?
> In owasp-esapi-java, htmlCodec.decode is broken for all entities where
> entity.substr(0, x) exists
> --------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-3135
> URL: https://issues.apache.org/jira/browse/OFBIZ-3135
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Patrick Antivackis
> Attachments: owasp-esapi-full-java-1.4.jar,
> Patch-HTMLEntityCodec.java.diff
>
>
> It's because HTMLEntityCodec.getNamedEntity stops at the first entity found,
> so it will never return ² or ³ because &sup exists, nor &piv
> because &pi exists, and likewise for all other entities where a shorter entity exists.
> See bug reports:
> http://code.google.com/p/owasp-esapi-java/issues/detail?id=45
> Attached is a recompiled, patched version of the library based on
> owasp-esapi-java-src-1.4.zip
> and a diff of src/org/owasp/esapi/codecs/HTMLEntityCodec.java
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
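The defect described in the issue is a prefix-match problem: a lookup that returns as soon as the characters after `&` form any known entity name can never reach `&sup2;` or `&piv;`, because `sup` and `pi` are matched first. The following is an added example, not ESAPI code and not the attached patch: a small decoder with a constructed subset of the HTML 4 entity table, a `decode_first_match` function that models the behaviour the report describes, and a `decode_longest_match` function that reads the whole candidate name and prefers the longest table entry.

```python
# Added example: first-match vs longest-match named-entity decoding.
# ENTITIES is a constructed subset of the HTML 4 named entities, not the
# ESAPI table; neither decoder below is taken from HTMLEntityCodec.
ENTITIES = {
    "amp": "&",
    "lt": "<",
    "gt": ">",
    "pi": "\u03c0",    # π
    "piv": "\u03d6",   # ϖ
    "sup": "\u2283",   # ⊃
    "sup2": "\u00b2",  # ²
    "sup3": "\u00b3",  # ³
}
MAX_ENTITY_LEN = max(len(k) for k in ENTITIES)


def _first_match_entity(text, start):
    """Model of the defective lookup: returns as soon as any prefix of the
    characters after '&' is a known entity name. Returns (char, end) or None."""
    name = ""
    i = start
    while i < len(text) and len(name) < MAX_ENTITY_LEN and text[i].isalnum():
        name += text[i]
        i += 1
        if name in ENTITIES:
            # Stops here: "&sup2;" matches "sup" before "sup2" is ever tried,
            # leaving "2;" to be copied through as literal text.
            end = i + 1 if i < len(text) and text[i] == ";" else i
            return ENTITIES[name], end
    return None


def _longest_match_entity(text, start):
    """Corrected lookup: read the whole alphanumeric run (bounded by the
    longest table key), then try candidates from longest to shortest."""
    i = start
    while i < len(text) and i - start < MAX_ENTITY_LEN and text[i].isalnum():
        i += 1
    name = text[start:i]
    for length in range(len(name), 0, -1):
        candidate = name[:length]
        if candidate in ENTITIES:
            end = start + length
            if end < len(text) and text[end] == ";":
                end += 1  # consume the optional terminating semicolon
            return ENTITIES[candidate], end
    return None


def _decode(text, lookup):
    """Walk the input, replacing '&name;' sequences via the given lookup and
    copying unrecognised text through unchanged."""
    out = []
    i = 0
    while i < len(text):
        if text[i] == "&":
            hit = lookup(text, i + 1)
            if hit is not None:
                out.append(hit[0])
                i = hit[1]
                continue
        out.append(text[i])
        i += 1
    return "".join(out)


def decode_first_match(text):
    """Decoder exhibiting the reported bug (shorter entity shadows longer)."""
    return _decode(text, _first_match_entity)


def decode_longest_match(text):
    """Decoder with the longest-match fix."""
    return _decode(text, _longest_match_entity)


if __name__ == "__main__":
    for sample in ("x&sup2; + y&sup3;", "&piv;", "&pi;", "a &lt; b &amp;&amp; c"):
        print(repr(sample), "->",
              repr(decode_first_match(sample)), "|",
              repr(decode_longest_match(sample)))
```

Running the block shows `x&sup2; + y&sup3;` coming out as `x⊃2; + y⊃3;` from the first-match decoder and as `x² + y³` from the longest-match one; the two agree wherever no shorter entity name is a prefix of a longer one (`&pi;`, `&lt;`, `&amp;`). The bound on the scanned run (`MAX_ENTITY_LEN`) keeps the corrected lookup from reading arbitrarily far into the input on a long alphanumeric run after `&`.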