[
https://issues.apache.org/jira/browse/OFBIZ-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Patrick Antivackis updated OFBIZ-3135:
--------------------------------------
Attachment: (was: Patch-HTMLEntityCodec.java.diff)
> In owasp-esapi-java, htmlCodec.decode is broken for all entities where
> entity.substr(0, x) exists
> --------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-3135
> URL: https://issues.apache.org/jira/browse/OFBIZ-3135
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Patrick Antivackis
>
> It's because HTMLEntityCodec.getNamedEntity stops at the first entity found,
> so it will never return ² or ³ because &sup exists, nor &piv
> because &pi exists, nor any other entity where a shorter entity exists.
> See bug reports:
> http://code.google.com/p/owasp-esapi-java/issues/detail?id=45
> Attached is a recompiled, patched version of the library based on
> owasp-esapi-java-src-1.4.zip
> and a diff of src/org/owasp/esapi/codecs/HTMLEntityCodec.java
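
An added illustration of the failure the report describes (not ESAPI's code and not the attached patch): a hypothetical decoder over a constructed subset of the HTML entity table, comparing a lookup that returns at the first matching name with one that keeps the longest match. The class and method names are assumptions, and it needs Java 9 or later for `Map.of`.

```java
import java.util.Map;

public class EntityPrefixDemo {
    // Constructed subset of the HTML 4 entity table, enough to show the prefix collisions.
    static final Map<String, Character> ENTITIES = Map.of(
        "sup", '\u2283', "sup2", '\u00B2', "sup3", '\u00B3',
        "pi", '\u03C0', "piv", '\u03D6', "amp", '&');

    // Flawed lookup: returns as soon as the characters read so far form a known name.
    static String decodeFirstMatch(String in) { return decode(in, false); }

    // Corrected lookup: keeps reading and remembers the longest name that matched.
    static String decodeLongestMatch(String in) { return decode(in, true); }

    private static String decode(String in, boolean longest) {
        StringBuilder out = new StringBuilder();
        int i = 0;
        while (i < in.length()) {
            if (in.charAt(i) != '&') { out.append(in.charAt(i++)); continue; }
            int bestEnd = -1;
            Character best = null;
            // Grow the candidate name one character at a time.
            for (int j = i + 1; j < in.length() && Character.isLetterOrDigit(in.charAt(j)); j++) {
                Character c = ENTITIES.get(in.substring(i + 1, j + 1));
                if (c != null) {
                    best = c;
                    bestEnd = j + 1;
                    if (!longest) break; // first-match stops at "sup" and never sees "sup2"
                }
            }
            if (best == null) { out.append(in.charAt(i++)); continue; } // not an entity
            out.append(best);
            i = bestEnd;
            if (i < in.length() && in.charAt(i) == ';') i++; // consume the terminator
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: two colliding names and two that decode the same either way.
        for (String s : new String[] {"x&sup2;", "&piv;", "&sup;", "&pi;r"}) {
            System.out.printf("%-8s first-match=%s longest-match=%s%n",
                s, decodeFirstMatch(s), decodeLongestMatch(s));
        }
    }
}
```

With the first-match lookup, `x&sup2;` decodes to `x⊃2;` instead of `x²`, so any validation that runs on the decoded value sees different text than an HTML parser would.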