Gareth Carter created OFBIZ-5910:
------------------------------------

             Summary: WidgetWorker.buildHyperlinkUrl generates invalid url when using certain sequences of characters
                 Key: OFBIZ-5910
                 URL: https://issues.apache.org/jira/browse/OFBIZ-5910
             Project: OFBiz
          Issue Type: Bug
          Components: framework
    Affects Versions: Trunk
            Reporter: Gareth Carter

If you define a URL with parameters, or one that contains URL-encoded parameters, the output from WidgetWorker.buildHyperlinkUrl may be invalid. This is because of using StringUtil.defaultWebEncoder.canonicalize(localRequestName).

e.g.

    abc=&or1=123 -> abc=?1=123
    abc=&to1=123 -> abc=&to1=123 (this one is fine)
    abc=&and1=123 -> abc=?1=123
    abc=&gtabc=123 -> abc=>abc=123

The OWASP HTMLEntityCodec seems to look for special sequences (or, and, gt, lt etc.) and change them. This to me is invalid because URL encoding and HTML encoding are different.

Why are the URLs encoding the ampersands anyway? (String localRequestName = UtilHttp.encodeAmpersands(target);).

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
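
The mappings in the report can be reproduced with a simplified model of semicolon-optional entity decoding, added here as an example that is not OFBiz or ESAPI code. The class, the method names and the five-entry entity table are hypothetical, and `decodeAmpersandsOnly` assumes the escaped separator form is `&amp;`.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class EntityVsUrlDemo {
    // Constructed subset of HTML entity names (assumption: a real codec carries many more).
    static final Map<String, String> ENTITIES = new LinkedHashMap<>();
    static {
        ENTITIES.put("amp", "&");
        ENTITIES.put("and", "\u2227");
        ENTITIES.put("or", "\u2228");
        ENTITIES.put("gt", ">");
        ENTITIES.put("lt", "<");
    }

    // Model of the reported behaviour: an entity name following '&' is decoded
    // even when no ';' terminates it, so query parameter names get consumed.
    static String lenientEntityDecode(String in) {
        StringBuilder out = new StringBuilder();
        int i = 0;
        while (i < in.length()) {
            String hit = null;
            if (in.charAt(i) == '&') {
                for (String name : ENTITIES.keySet()) {  // keep the longest matching name
                    if (in.startsWith(name, i + 1) && (hit == null || name.length() > hit.length())) {
                        hit = name;
                    }
                }
            }
            if (hit == null) { out.append(in.charAt(i++)); continue; }
            out.append(ENTITIES.get(hit));
            i += 1 + hit.length();
            if (i < in.length() && in.charAt(i) == ';') i++;  // optional terminator
        }
        return out.toString();
    }

    // Hypothetical URL-safe alternative: undo only the "&amp;" separator escaping.
    static String decodeAmpersandsOnly(String in) {
        return in.replace("&amp;", "&");
    }

    public static void main(String[] args) {
        // Constructed inputs: the four from the report plus one escaped separator.
        String[] samples = {"abc=&or1=123", "abc=&to1=123", "abc=&and1=123",
                            "abc=&gtabc=123", "a=1&amp;b=2"};
        for (String s : samples) {
            System.out.printf("%-16s lenient=%-16s ampOnly=%s%n",
                    s, lenientEntityDecode(s), decodeAmpersandsOnly(s));
        }
    }
}
```

Only parameter names that begin with an entity name are rewritten by the lenient decoder, which is why `&to1` survives while `&or1`, `&and1` and `&gtabc` do not.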