You are reading my mind... I am in the process of doing some more refactoring, including this.
I will commit later today or (more probably) tomorrow. Jacopo On Dec 29, 2014, at 4:48 PM, Adrian Crum <[email protected]> wrote: > + public static class UrlEncoder implements SimpleEncoder, SimpleDecoder { > > Since the class encodes and decodes URLs, can we call it UrlCodec? > > Adrian Crum > Sandglass Software > www.sandglass-software.com > > On 12/29/2014 9:24 AM, [email protected] wrote: >> Author: jacopoc >> Date: Mon Dec 29 09:24:46 2014 >> New Revision: 1648298 >> >> URL: http://svn.apache.org/r1648298 >> Log: >> A series of cleanup to the integration with OWASP ESAPI. Isolated >> dependencies on the external OWASP ESAPI jar into the StringUtil class. >> >> >> Modified: >> >> ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java >> >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java >> ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java >> >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java >> >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java >> >> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java >> >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java >> >> Modified: >> ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- >> 
ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java >> (original) >> +++ >> ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java >> Mon Dec 29 09:24:46 2014 >> @@ -39,7 +39,6 @@ import org.ofbiz.entity.Delegator; >> import org.ofbiz.entity.GenericValue; >> import org.ofbiz.entity.util.EntityQuery; >> import org.ofbiz.webapp.control.ContextFilter; >> -import org.owasp.esapi.errors.EncodingException; >> >> public class ContentUrlFilter extends ContextFilter { >> public final static String module = ContentUrlFilter.class.getName(); >> @@ -118,14 +117,10 @@ public class ContentUrlFilter extends Co >> .queryFirst(); >> if (contentAssocDataResource != null) { >> url = contentAssocDataResource.getString("drObjectInfo"); >> - try { >> - url = StringUtil.defaultWebEncoder.decodeFromURL(url); >> - String mountPoint = request.getContextPath(); >> - if (!(mountPoint.equals("/")) && >> !(mountPoint.equals(""))) { >> - url = mountPoint + url; >> - } >> - } catch (EncodingException e) { >> - Debug.logError(e, module); >> + url = StringUtil.getDecoder("url").decode(url); >> + String mountPoint = request.getContextPath(); >> + if (!(mountPoint.equals("/")) && !(mountPoint.equals(""))) { >> + url = mountPoint + url; >> } >> } >> } catch (Exception e) { >> >> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java >> (original) >> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java Mon >> Dec 29 09:24:46 2014 
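Review bot: A failed decode now flows into the URL instead of being skipped, in the `@@ -118,14 +117,10 @@` hunk of ContentUrlFilter. `StringUtil.getDecoder("url").decode(url)` returns null when ESAPI throws EncodingException (see `UrlEncoder.decode` in the StringUtil section), and the following `url = mountPoint + url` then produces a path ending in the literal text "null", where the old try/catch left `url` as stored. The same unchecked null appears in UtilHttp (`buf.append(StringUtil.getEncoder("url").encode(name))` and the matching `valueStr` append, which write "null" into the query string), in RequestHandler (`encodedName` is checked but the `value` append is not), and in OfbizContentTransform (`requestUrl` is overwritten with the result). Decoding into a temporary, as in `String decoded = StringUtil.getDecoder("url").decode(url);` followed by `if (decoded != null) { url = decoded; ... }`, keeps the previous behaviour. The enclosing method starts and ends outside the hunk.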
>> @@ -36,14 +36,12 @@ import java.util.regex.Pattern; >> import org.apache.commons.codec.DecoderException; >> import org.apache.commons.codec.binary.Hex; >> import org.ofbiz.base.lang.Appender; >> -import org.owasp.esapi.ValidationErrorList; >> -import org.owasp.esapi.Validator; >> import org.owasp.esapi.codecs.Codec; >> import org.owasp.esapi.codecs.HTMLEntityCodec; >> import org.owasp.esapi.codecs.PercentCodec; >> +import org.owasp.esapi.errors.EncodingException; >> import org.owasp.esapi.errors.IntrusionException; >> import org.owasp.esapi.reference.DefaultEncoder; >> -import org.owasp.esapi.reference.DefaultValidator; >> >> /** >> * Misc String Utility Functions >> @@ -56,15 +54,11 @@ public class StringUtil { >> // FIXME: Not thread safe >> protected static final Map<String, Pattern> substitutionPatternMap; >> >> - /** OWASP ESAPI canonicalize strict flag; setting false so we only get >> warnings about double encoding, etc; can be set to true for exceptions and >> more security */ >> - public static final boolean esapiCanonicalizeStrict = false; >> - public static final DefaultEncoder defaultWebEncoder; >> - public static final Validator defaultWebValidator; >> + private static final DefaultEncoder defaultWebEncoder; >> static { >> // possible codecs: CSSCodec, HTMLEntityCodec, JavaScriptCodec, >> MySQLCodec, OracleCodec, PercentCodec, UnixCodec, VBScriptCodec, WindowsCodec >> List<Codec> codecList = Arrays.asList(new HTMLEntityCodec(), new >> PercentCodec()); >> defaultWebEncoder = new DefaultEncoder(codecList); >> - defaultWebValidator = new DefaultValidator(); >> substitutionPatternMap = new HashMap<String, Pattern>(); >> substitutionPatternMap.put("&&", Pattern.compile("@and", >> Pattern.LITERAL)); >> substitutionPatternMap.put("||", Pattern.compile("@or", >> Pattern.LITERAL)); 
>> @@ -74,9 +68,10 @@ public class StringUtil { >> substitutionPatternMap.put(">", Pattern.compile("@gt", >> Pattern.LITERAL)); >> } >> >> - public static final SimpleEncoder htmlEncoder = new HtmlEncoder(); >> - public static final SimpleEncoder xmlEncoder = new XmlEncoder(); >> - public static final SimpleEncoder stringEncoder = new StringEncoder(); >> + private static final HtmlEncoder htmlEncoder = new HtmlEncoder(); >> + private static final XmlEncoder xmlEncoder = new XmlEncoder(); >> + private static final StringEncoder stringEncoder = new StringEncoder(); >> + private static final UrlEncoder urlEncoder = new UrlEncoder(); >> >> private StringUtil() { >> } >> @@ -85,6 +80,10 @@ public class StringUtil { >> public String encode(String original); >> } >> >> + public static interface SimpleDecoder { >> + public String decode(String original); >> + } >> + >> public static class HtmlEncoder implements SimpleEncoder { >> public String encode(String original) { >> return StringUtil.defaultWebEncoder.encodeForHTML(original); >> @@ -97,6 +96,26 @@ public class StringUtil { >> } >> } >> >> + public static class UrlEncoder implements SimpleEncoder, SimpleDecoder { >> + public String encode(String original) { >> + try { >> + return StringUtil.defaultWebEncoder.encodeForURL(original); >> + } catch (EncodingException ee) { >> + Debug.logError(ee, module); >> + return null; >> + } >> + } >> + >> + public String decode(String original) { >> + try { >> + return StringUtil.defaultWebEncoder.decodeFromURL(original); >> + } catch (EncodingException ee) { >> + Debug.logError(ee, module); >> + return null; >> + } >> + } >> + } >> + >> public static class StringEncoder implements SimpleEncoder { >> public String encode(String original) { >> if (original != null) { 
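Review bot: The null-on-failure contract of `UrlEncoder.encode` and `UrlEncoder.decode` (hunk `@@ -97,6 +96,26 @@`) is not documented, and it differs from `HtmlEncoder.encode` visible just above, which returns the ESAPI result directly. Because the EncodingException is logged and swallowed here, the return value is the only signal a caller gets. I would add Javadoc to both methods and to `SimpleDecoder.decode`, for example `/** Returns the URL-decoded value, or null if the input cannot be decoded (the error is logged); callers must check for null. */`. The class body is complete in the hunk, but the surrounding StringUtil class is not.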
>> @@ -109,7 +128,9 @@ public class StringUtil { >> // ================== Begin General Functions ================== >> >> public static SimpleEncoder getEncoder(String type) { >> - if ("xml".equals(type)) { >> + if ("url".equals(type)) { >> + return StringUtil.urlEncoder; >> + } else if ("xml".equals(type)) { >> return StringUtil.xmlEncoder; >> } else if ("html".equals(type)) { >> return StringUtil.htmlEncoder; >> @@ -120,6 +141,14 @@ public class StringUtil { >> } >> } >> >> + public static SimpleDecoder getDecoder(String type) { >> + if ("url".equals(type)) { >> + return StringUtil.urlEncoder; >> + } else { >> + return null; >> + } >> + } >> + >> public static String internString(String value) { >> return value != null ? value.intern() : null; >> } >> @@ -594,6 +623,13 @@ public class StringUtil { >> return result; >> } >> >> + public static String canonicalize(String value) throws >> IntrusionException { >> + return defaultWebEncoder.canonicalize(value); >> + } >> + >> + public static String canonicalize(String value, boolean strict) throws >> IntrusionException { >> + return defaultWebEncoder.canonicalize(value, strict); >> + } >> /** >> * Uses a black-list approach for necessary characters for HTML. >> * Does not allow various characters (after canonicalization), >> including "<", ">", "&" (if not followed by a space), and "%" (if not >> followed by a space). >> @@ -606,7 +642,7 @@ public class StringUtil { >> >> // canonicalize, strict (error on double-encoding) >> try { >> - value = defaultWebEncoder.canonicalize(value, true); >> + value = canonicalize(value, true); >> } catch (IntrusionException e) { >> // NOTE: using different log and user targeted error messages >> to allow the end-user message to be less technical >> Debug.logError("Canonicalization (format consistency, character >> escaping that is mixed or double, etc) error for attribute named [" + >> valueName + "], String [" + value + "]: " + e.toString(), module); 
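Review bot: `getDecoder` (hunk `@@ -120,6 +141,14 @@`) returns null for every type other than "url", yet each call site added in this commit dereferences the result at once, as in `StringUtil.getDecoder("url").decode(...)`. A mistyped or unsupported type would therefore surface as a NullPointerException at the caller rather than as a clear error. Since the method is new, I would replace `return null;` with `throw new IllegalArgumentException("Unsupported decoder type: " + type);`, or at least state the null return in Javadoc.

Review bot: The two new `canonicalize` wrappers (hunk `@@ -594,6 +623,13 @@`) have no Javadoc, and the one-argument form does not say which strictness it applies. It defers to `defaultWebEncoder.canonicalize(value)`, so its handling of mixed or double encoding presumably follows the ESAPI defaults rather than anything visible in this file. LabelManagerFactory and WidgetWorker now depend on that overload. I would document it, for example `/** Canonicalizes value with the encoder's default strictness; use canonicalize(value, true) to get an IntrusionException on mixed or double encoding. */`, and add the missing blank line before the following `/**` block.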
>> @@ -651,21 +687,6 @@ public class StringUtil { >> return value; >> } >> >> - /** >> - * Uses a white-list approach to check for safe HTML. >> - * Based on the ESAPI validator configured in the antisamy-esapi.xml >> file. >> - * >> - * @param value >> - * @param errorMessageList >> - * @return String with updated value if needed for safer HTML. >> - */ >> - public static String checkStringForHtmlSafeOnly(String valueName, >> String value, List<String> errorMessageList) { >> - ValidationErrorList vel = new ValidationErrorList(); >> - value = defaultWebValidator.getValidSafeHTML(valueName, value, >> Integer.MAX_VALUE, true, vel); >> - errorMessageList.addAll(UtilGenerics.checkList(vel.errors(), >> String.class)); >> - return value; >> - } >> - >> /** >> * Remove/collapse multiple newline characters >> * >> >> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java >> (original) >> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java Mon Dec >> 29 09:24:46 2014 >> @@ -53,8 +53,6 @@ import org.apache.oro.text.regex.Malform >> import org.apache.oro.text.regex.Pattern; >> import org.apache.oro.text.regex.PatternMatcher; >> import org.apache.oro.text.regex.Perl5Matcher; >> -import org.owasp.esapi.errors.EncodingException; >> -import org.owasp.esapi.errors.IntrusionException; >> >> import com.ibm.icu.util.Calendar; 
>> >> @@ -251,10 +249,11 @@ public class UtilHttp { >> >> public static String canonicalizeParameter(String paramValue) { >> try { >> - String cannedStr = >> StringUtil.defaultWebEncoder.canonicalize(paramValue, >> StringUtil.esapiCanonicalizeStrict); >> + /** calling canonicalize with strict flag set to false so we >> only get warnings about double encoding, etc; can be set to true for >> exceptions and more security */ >> + String cannedStr = StringUtil.canonicalize(paramValue, false); >> if (Debug.verboseOn()) Debug.logVerbose("Canonicalized >> parameter with " + (cannedStr.equals(paramValue) ? "no " : "") + "change: >> original [" + paramValue + "] canned [" + cannedStr + "]", module); >> return cannedStr; >> - } catch (IntrusionException e) { >> + } catch (Exception e) { >> Debug.logError(e, "Error in canonicalize parameter value [" + >> paramValue + "]: " + e.toString(), module); >> return paramValue; >> } 
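Review bot: The widened `catch (Exception e)` in `canonicalizeParameter` makes the method fail open for every kind of error: whatever goes wrong, the raw `paramValue` is returned as if it had been canonicalized. With the strict flag now hard-coded to `false`, an IntrusionException is presumably rare, so the broader catch mostly hides unrelated failures such as a null `cannedStr` in the verbose-logging line. I would state this at the return, e.g. `// fail-open: on any error the un-canonicalized value is returned to the caller`, or expose a StringUtil-level exception so the catch can stay narrow without importing ESAPI types. The `/** ... */` block added inside the method body is not Javadoc and reads better as a `//` comment. The method's closing brace is outside the hunk.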
>> @@ -791,22 +790,14 @@ public class UtilHttp { >> buf.append("&"); >> } >> } >> - try { >> - >> buf.append(StringUtil.defaultWebEncoder.encodeForURL(name)); >> - } catch (EncodingException e) { >> - Debug.logError(e, module); >> - } >> + >> buf.append(StringUtil.getEncoder("url").encode(name)); >> /* the old way: try { >> buf.append(URLEncoder.encode(name, "UTF-8")); >> } catch (UnsupportedEncodingException e) { >> Debug.logError(e, module); >> } */ >> buf.append('='); >> - try { >> - >> buf.append(StringUtil.defaultWebEncoder.encodeForURL(valueStr)); >> - } catch (EncodingException e) { >> - Debug.logError(e, module); >> - } >> + >> buf.append(StringUtil.getEncoder("url").encode(valueStr)); >> /* the old way: try { >> buf.append(URLEncoder.encode(valueStr, >> "UTF-8")); >> } catch (UnsupportedEncodingException e) { >> >> Modified: >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java >> (original) >> +++ >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java >> Mon Dec 29 09:24:46 2014 
>> @@ -303,9 +303,6 @@ public class StringUtilTests extends Gen >> checkStringForHtmlStrictNone_test("double-encoding", >> "%2%353Cscript", "%2%353Cscript", "In field [double-encoding] found >> character escaping (mixed or double) that is not allowed or other format >> consistency error: org.owasp.esapi.errors.IntrusionException: Input >> validation failure"); >> } >> >> - public void testCheckStringForHtmlSafeOnly() { >> - } >> - >> public void testCollapseNewlines() { >> } >> >> >> Modified: >> ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java >> (original) >> +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java >> Mon Dec 29 09:24:46 2014 >> @@ -64,7 +64,6 @@ import org.ofbiz.service.ModelService; >> import org.ofbiz.service.ServiceSynchronization; >> import org.ofbiz.service.ServiceUtil; >> import org.ofbiz.service.mail.MimeMessageWrapper; >> -import org.owasp.esapi.errors.EncodingException; >> >> /** >> * Common Services 
>> @@ -539,17 +538,15 @@ public class CommonServices { >> } >> >> public static Map<String, Object> resetMetric(DispatchContext dctx, >> Map<String, ?> context) { >> - String name = (String) context.get("name"); >> - try { >> - name = StringUtil.defaultWebEncoder.decodeFromURL(name); >> - } catch (EncodingException e) { >> - return ServiceUtil.returnError("Exception thrown while decoding >> metric name \"" + name + "\""); >> + String originalName = (String) context.get("name"); >> + String name = StringUtil.getDecoder("url").decode(originalName); >> + if (name == null) { >> + return ServiceUtil.returnError("Exception thrown while decoding >> metric name \"" + originalName + "\""); >> } >> Metrics metric = MetricsFactory.getMetric(name); >> if (metric != null) { >> metric.reset(); >> return ServiceUtil.returnSuccess(); >> - >> } >> return ServiceUtil.returnError("Metric \"" + name + "\" not >> found."); >> } >> >> Modified: >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java >> (original) >> +++ >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java >> Mon Dec 29 09:24:46 2014 >> @@ -62,7 +62,6 @@ import org.ofbiz.webapp.view.ViewHandler >> import org.ofbiz.webapp.view.ViewHandlerException; >> import org.ofbiz.webapp.website.WebSiteProperties; >> import org.ofbiz.webapp.website.WebSiteWorker; >> -import org.owasp.esapi.errors.EncodingException; >> import org.python.modules.re; >> >> /** 
>> @@ -1116,13 +1115,11 @@ public class RequestHandler { >> if (queryString.length() > 1) { >> queryString.append("&"); >> } >> - >> - try { >> - >> queryString.append(StringUtil.defaultWebEncoder.encodeForURL(name)); >> + String encodedName = StringUtil.getEncoder("url").encode(name); >> + if (encodedName != null) { >> + queryString.append(encodedName); >> queryString.append("="); >> - >> queryString.append(StringUtil.defaultWebEncoder.encodeForURL(value)); >> - } catch (EncodingException e) { >> - Debug.logError(e, module); >> + >> queryString.append(StringUtil.getEncoder("url").encode(value)); >> } >> } >> } >> >> Modified: >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java >> (original) >> +++ >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java >> Mon Dec 29 09:24:46 2014 >> @@ -28,7 +28,6 @@ import org.ofbiz.base.util.Debug; >> import org.ofbiz.base.util.StringUtil; >> import org.ofbiz.base.util.UtilValidate; >> import org.ofbiz.webapp.taglib.ContentUrlTag; >> -import org.owasp.esapi.errors.EncodingException; >> >> import freemarker.core.Environment; >> import freemarker.ext.beans.BeanModel; 
>> @@ -93,11 +92,7 @@ public class OfbizContentTransform imple >> return; >> } >> >> - try { >> - requestUrl = >> StringUtil.defaultWebEncoder.decodeFromURL(requestUrl); >> - } catch (EncodingException e) { >> - Debug.logError(e, module); >> - } >> + requestUrl = >> StringUtil.getDecoder("url").decode(requestUrl); >> >> // make the link >> StringBuilder newURL = new StringBuilder(); >> >> Modified: >> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- >> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java >> (original) >> +++ >> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java >> Mon Dec 29 09:24:46 2014 >> @@ -40,7 +40,6 @@ import org.ofbiz.base.util.GeneralExcept >> import org.ofbiz.base.util.StringUtil; >> import org.ofbiz.base.util.UtilValidate; >> import org.ofbiz.base.util.UtilXml; >> -import org.owasp.esapi.errors.EncodingException; >> import org.w3c.dom.Comment; >> import org.w3c.dom.Document; >> import org.w3c.dom.Element; 
>> @@ -103,7 +102,7 @@ public class LabelManagerFactory { >> } >> } >> >> - public void findMatchingLabels(String component, String fileName, >> String key, String locale) throws MalformedURLException, SAXException, >> ParserConfigurationException, IOException, EncodingException, >> GeneralException { >> + public void findMatchingLabels(String component, String fileName, >> String key, String locale) throws MalformedURLException, SAXException, >> ParserConfigurationException, IOException, GeneralException { >> if (UtilValidate.isEmpty(component) && >> UtilValidate.isEmpty(fileName) && UtilValidate.isEmpty(key) && >> UtilValidate.isEmpty(locale)) { >> // Important! Don't allow unparameterized queries - doing so >> will result in loading the entire project into memory >> return; >> @@ -124,7 +123,7 @@ public class LabelManagerFactory { >> for (Node propertyNode : >> UtilXml.childNodeList(resourceElem.getFirstChild())) { >> if (propertyNode instanceof Element) { >> Element propertyElem = (Element) propertyNode; >> - String labelKey = >> StringUtil.defaultWebEncoder.canonicalize(propertyElem.getAttribute("key")); >> + String labelKey = >> StringUtil.canonicalize(propertyElem.getAttribute("key")); >> String labelComment = ""; >> for (Node valueNode : >> UtilXml.childNodeList(propertyElem.getFirstChild())) { >> if (valueNode instanceof Element) { >> @@ -135,7 +134,7 @@ public class LabelManagerFactory { >> if( localeName.contains("_")) { >> localeName = localeName.replace('_', '-'); >> } >> - String labelValue = >> StringUtil.defaultWebEncoder.canonicalize(UtilXml.nodeValue(valueElem.getFirstChild())); >> + String labelValue = >> StringUtil.canonicalize(UtilXml.nodeValue(valueElem.getFirstChild())); >> LabelInfo label = labels.get(labelKey + >> keySeparator + fileInfo.getFileName()); >> >> if (UtilValidate.isEmpty(label)) { 
>> @@ -149,12 +148,12 @@ public class LabelManagerFactory { >> localesFound.add(localeName); >> labelComment = ""; >> } else if (valueNode instanceof Comment) { >> - labelComment = labelComment + >> StringUtil.defaultWebEncoder.canonicalize(valueNode.getNodeValue()); >> + labelComment = labelComment + >> StringUtil.canonicalize(valueNode.getNodeValue()); >> } >> } >> labelKeyComment = ""; >> } else if (propertyNode instanceof Comment) { >> - labelKeyComment = labelKeyComment + >> StringUtil.defaultWebEncoder.canonicalize(propertyNode.getNodeValue()); >> + labelKeyComment = labelKeyComment + >> StringUtil.canonicalize(propertyNode.getNodeValue()); >> } >> } >> } >> >> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java >> (original) >> +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java Mon >> Dec 29 09:24:46 2014 >> @@ -71,7 +71,7 @@ public class WidgetWorker { >> // We may get an encoded request like: >> /projectmgr/control/EditTaskContents?workEffortId=10003 >> // Try to reducing a possibly encoded string down to its simplest >> form: /projectmgr/control/EditTaskContents?workEffortId=10003 >> // This step make sure the following appending externalLoginKey >> operation to work correctly >> - localRequestName = >> StringUtil.defaultWebEncoder.canonicalize(localRequestName); >> + localRequestName = StringUtil.canonicalize(localRequestName); >> Appendable localWriter = new StringWriter(); >> >> if ("intra-app".equals(targetType)) { 
>> @@ -300,7 +300,7 @@ public class WidgetWorker { >> writer.append("<input name=\""); >> writer.append(parameter.getKey()); >> writer.append("\" value=\""); >> - >> writer.append(StringUtil.htmlEncoder.encode(parameter.getValue())); >> + >> writer.append(StringUtil.getEncoder("html").encode(parameter.getValue())); >> writer.append("\" type=\"hidden\"/>"); >> } >> } >> >> Modified: >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java >> (original) >> +++ >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java >> Mon Dec 29 09:24:46 2014 >> @@ -3088,7 +3088,7 @@ public final class MacroFormRenderer imp >> parameters.append(parameter.getName()); >> parameters.append("'"); >> parameters.append(",'value':'"); >> - >> parameters.append(StringUtil.htmlEncoder.encode(parameter.getValue(context))); >> + >> parameters.append(StringUtil.getEncoder("html").encode(parameter.getValue(context))); >> parameters.append("'}"); >> } >> parameters.append("]"); >> >> Modified: >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java >> URL: >> http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java >> (original) >> +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java >> Mon Dec 29 09:24:46 2014 
>> @@ -88,7 +88,7 @@ public class HtmlWidget extends ModelScr >> } >> @Override >> public String getAsString() { >> - return StringUtil.htmlEncoder.encode(super.getAsString()); >> + return >> StringUtil.getEncoder("html").encode(super.getAsString()); >> } >> } >> >> @@ -100,7 +100,7 @@ public class HtmlWidget extends ModelScr >> >> @Override >> public String getAsString() { >> - return StringUtil.htmlEncoder.encode(super.getAsString()); >> + return >> StringUtil.getEncoder("html").encode(super.getAsString()); >> } >> >> } >> >>
