Gareth Carter created OFBIZ-5910:
------------------------------------
Summary: WidgetWorker.buildHyperlinkUrl generates invalid url when
using certain sequences of characters
Key: OFBIZ-5910
URL: https://issues.apache.org/jira/browse/OFBIZ-5910
Project: OFBiz
Issue Type: Bug
Components: framework
Affects Versions: Trunk
Reporter: Gareth Carter
If you define a url with parameters or contains url encoded parameters, the
output from WidgetWorker.buildHyperlinkUrl may be invalid. This is because of
using StringUtil.defaultWebEncoder.canonicalize(localRequestName).
eg
abc=&or1=123 -> abc=?1=123
abc=&to1=123 -> abc=&to1=123 (this one is fine)
abc=&and1=123 -> abc=?1=123
abc=&gtabc=123 -> abc=>abc=123
The owasp HTMLEntityCodec seems to look for special sequences (or, and, gt, lt
etc) and change them. This to me is invalid because url encoding and html
encoding are different
Why are the urls encoding the ampersands anyway? (String localRequestName =
UtilHttp.encodeAmpersands(target);).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
