UUF automatically escaping sensitive characters [1]. Please don't use 'encoding' for 'escaping'.
[1] https://github.com/jknack/handlebars.java/blob/1f6c48e606dc1303d1e92a0a0eaa94120eba64fd/handlebars/src/main/java/com/github/jknack/handlebars/EscapingStrategy.java#L82 On Tue, Jan 31, 2017 at 5:23 PM, Jayanga Kaushalya <[email protected]> wrote: > Hi Manuranga, > > This is not because of a security reason. The security question set id may > contains html special characters. So the set id is sent to the UI after > encoding to Base64. > > Thanks! > > *Jayanga Kaushalya* > Software Engineer > Mobile: +94777860160 <+94%2077%20786%200160> > WSO2 Inc. | http://wso2.com > lean.enterprise.middleware > > On Tue, Jan 31, 2017 at 10:42 PM, Manuranga Perera <[email protected]> wrote: > >> >> ---------- Forwarded message ---------- >> From: Manuranga Perera <[email protected]> >> Date: Tue, Jan 31, 2017 at 5:11 PM >> Subject: Security questions are encoded >> To: Johann Nallathamby <[email protected]>, Jayanga Kaushalya < >> [email protected]>, Isura Karunaratne <[email protected]> >> >> >> Security questions are base64 encoded [1]. If they are encrypted (eg: >> RSA) or hashed (eg SHA) I can understand that it's for security reasons. >> All this does is obfuscation, poorly even at that, since base64 can be >> easily decoded. >> >> Or is it done for non-security reasons, like escaping special characters? >> >> [1] https://github.com/wso2/product-is/blob/6.0.x-C5_m3/portal/o >> sgi-services/org.wso2.is.portal.user.client.api/src/main/jav >> a/org/wso2/is/portal/user/client/api/ChallengeQuestionManage >> rClientServiceImpl.java#L113 >> >> -- >> With regards, >> *Manu*ranga Perera. >> >> phone : 071 7 70 20 50 >> mail : [email protected] >> >> >> >> -- >> With regards, >> *Manu*ranga Perera. >> >> phone : 071 7 70 20 50 >> mail : [email protected] >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > -- With regards, *Manu*ranga Perera. phone : 071 7 70 20 50 mail : [email protected]
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
