Hi Firzhan,

We have added a new library that supports context-sensitive encoding and that bundles with the org.wso2.carbon.core.ui feature. You can use that instead.

    <dependency>
        <groupId>org.wso2.orbit.org.owasp.encoder</groupId>
        <artifactId>encoder</artifactId>
        <version>1.2.0.wso2v1</version>
    </dependency>

Also, please make sure that you do output encoding only, i.e., you should encode untrusted input where the input is displayed as data to the user without executing as code in the browser. Encoding input is wrong; instead, you should validate input.

Thanks,
Malithi.

On Wed, Sep 9, 2015 at 6:59 PM, Firzhan Naqash <[email protected]> wrote:

> Hi,
>
> Since this is a blocker and it involves fixing the already released carbon
> kernel version, any suggestions or workarounds are welcome.
>
> Regards,
> Firzhan
>
> On Wed, Sep 9, 2015 at 2:56 PM, Firzhan Naqash <[email protected]> wrote:
>
>> Hi All,
>>
>> Currently the getSafeText method of the
>> org.wso2.carbon.ui.util.CharacterEncoder class in the carbon kernel 4.4.1
>> version doesn't seem to be properly encoding the given text.
>>
>> This issue has been currently fixed with the 4.4.x branch. But for the
>> BPS 3.5 release we are planning to go ahead with kernel version 4.4.1.
>> Since this issue seems to be breaking some of the core human task
>> functionalities in BPS, is there any workaround to overcome this issue?
>>
>> Regards,
>> Firzhan
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
*Malithi Edirisinghe*
Senior Software Engineer
WSO2 Inc.
Mobile : +94 (0) 718176807
[email protected]
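
The reply above recommends validating input and encoding only at output, per context. The following is an added example, not code from the thread or from WSO2, showing that split with the OWASP Java Encoder's `Encode` class. It assumes the bundled library exposes the standard `org.owasp.encoder` package; the class, method and field names and the sample values are hypothetical.

```java
import org.owasp.encoder.Encode;
import java.util.regex.Pattern;

public class OutputEncodingExample {

    // Input validation is a separate step from output encoding: reject
    // values that do not match what the field is allowed to contain.
    // (Hypothetical rule for a hypothetical "task id" field.)
    private static final Pattern TASK_ID = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    static String requireValidTaskId(String taskId) {
        if (taskId == null || !TASK_ID.matcher(taskId).matches()) {
            throw new IllegalArgumentException("invalid task id");
        }
        return taskId;
    }

    // Keep the raw value in storage and business logic; encode only at the
    // point of output, with the encoder matching the context it lands in.
    static String renderTaskRow(String taskId, String taskName) {
        StringBuilder html = new StringBuilder();
        // Context 1: HTML element content
        html.append("<td>").append(Encode.forHtml(taskName)).append("</td>\n");
        // Context 2: quoted HTML attribute value
        html.append("<input type=\"text\" value=\"")
            .append(Encode.forHtmlAttribute(taskName)).append("\"/>\n");
        // Context 3: URL query parameter inside an href attribute
        html.append("<a href=\"task.jsp?id=")
            .append(Encode.forUriComponent(taskId)).append("\">open</a>\n");
        // Context 4: JavaScript string literal inside a script block
        html.append("<script>var taskName = '")
            .append(Encode.forJavaScript(taskName)).append("';</script>\n");
        return html.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for untrusted request data.
        String taskId = requireValidTaskId("task-42");
        String taskName = "Review <Q3> \"budget\" & Tom's plan";
        System.out.println(renderTaskRow(taskId, taskName));
    }
}
```

Each encoder escapes a different character set, so the same value produces different output in each of the four contexts; using the HTML encoder inside the script block, for instance, would not be a correct substitute for `Encode.forJavaScript`.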
