Issue is created in [1]

[1] https://github.com/wso2/carbon-uuf/issues/193

Thanks

On Tue, Feb 28, 2017 at 11:53 AM, Nuwandi Wickramasinghe <nuwan...@wso2.com> wrote:

> Does this encoding work properly when sent in JavaScript attributes as
> well? I recently noticed that the following type of call does not work as
> expected if the value *question* contains a single quote.
>
> <a onclick="editQuestion('{{question}}')">
>
> On Tue, Jan 31, 2017 at 11:04 PM, Manuranga Perera <m...@wso2.com> wrote:
>
>> UUF automatically escapes sensitive characters [1]. Please don't use
>> 'encoding' for 'escaping'.
>>
>> [1] https://github.com/jknack/handlebars.java/blob/1f6c48e606dc1303d1e92a0a0eaa94120eba64fd/handlebars/src/main/java/com/github/jknack/handlebars/EscapingStrategy.java#L82
>>
>> On Tue, Jan 31, 2017 at 5:23 PM, Jayanga Kaushalya <jayan...@wso2.com> wrote:
>>
>>> Hi Manuranga,
>>>
>>> This is not because of a security reason. The security question set ID
>>> may contain HTML special characters. So the set ID is sent to the UI after
>>> encoding to Base64.
>>>
>>> Thanks!
>>>
>>> *Jayanga Kaushalya*
>>> Software Engineer
>>> Mobile: +94777860160
>>> WSO2 Inc. | http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> On Tue, Jan 31, 2017 at 10:42 PM, Manuranga Perera <m...@wso2.com> wrote:
>>>
>>>> ---------- Forwarded message ----------
>>>> From: Manuranga Perera <m...@wso2.com>
>>>> Date: Tue, Jan 31, 2017 at 5:11 PM
>>>> Subject: Security questions are encoded
>>>> To: Johann Nallathamby <joh...@wso2.com>, Jayanga Kaushalya <jayan...@wso2.com>, Isura Karunaratne <is...@wso2.com>
>>>>
>>>> Security questions are base64 encoded [1]. If they are encrypted (e.g.
>>>> RSA) or hashed (e.g. SHA) I can understand that it's for security reasons.
>>>> All this does is obfuscation, poorly even at that, since base64 can be
>>>> easily decoded.
>>>>
>>>> Or is it done for non-security reasons, like escaping special
>>>> characters?
>>>>
>>>> [1] https://github.com/wso2/product-is/blob/6.0.x-C5_m3/portal/osgi-services/org.wso2.is.portal.user.client.api/src/main/java/org/wso2/is/portal/user/client/api/ChallengeQuestionManagerClientServiceImpl.java#L113
>>>>
>>>> --
>>>> With regards,
>>>> *Manu*ranga Perera.
>>>>
>>>> phone : 071 7 70 20 50
>>>> mail : m...@wso2.com
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> Best Regards,
> Nuwandi Wickramasinghe
> Software Engineer
> WSO2 Inc.
> Web : http://wso2.com
> Mobile : 0719214873

--
Denuwanthi De Silva
Senior Software Engineer;
WSO2 Inc.; http://wso2.com,
Email: denuwan...@wso2.com
Blog: https://denuwanthi.wordpress.com/
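Why the `onclick` call quoted in the thread breaks even though the value is HTML-escaped, as an added example that is not part of the original messages or of the UUF or handlebars.java code: the helpers below approximate entity escaping and the browser's attribute decoding, and every function name and the sample question are constructed for illustration.

```javascript
// Added example: helper names and the sample question are constructed.
// HTML-entity escaping in the style of a Handlebars {{...}} expression.
const HTML = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;",
               "'": "&#x27;", "`": "&#x60;", "=": "&#x3D;" };
const escapeHtml = (s) => String(s).replace(/[&<>"'`=]/g, (c) => HTML[c]);

// The HTML parser decodes character references in an attribute value
// BEFORE the JavaScript engine sees the handler source.
const NAMED = new Map([["amp", "&"], ["lt", "<"], ["gt", ">"], ["quot", '"']]);
function decodeAttribute(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|(\w+));/gi, (m, hex, dec, name) =>
    hex ? String.fromCodePoint(parseInt(hex, 16))
      : dec ? String.fromCodePoint(parseInt(dec, 10))
      : NAMED.get(name) ?? m);
}

// Escape for the inner context (a JS string literal): everything except
// letters, digits and spaces becomes \uXXXX.
const escapeJsString = (s) => String(s).replace(/[^A-Za-z0-9 ]/g, (c) =>
  "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));

// onclick="..." value as the template in the thread produces it.
const renderNaive = (q) => `editQuestion('${escapeHtml(q)}')`;
// Inner context first (JS string), then outer context (HTML attribute).
const renderLayered = (q) => escapeHtml(`editQuestion('${escapeJsString(q)}')`);

// Decode like the browser, then compile and call the handler with a stub
// editQuestion that records its argument.
function runHandler(attrValue) {
  const source = decodeAttribute(attrValue);
  let received;
  try {
    new Function("editQuestion", source)((v) => { received = v; });
    return { ok: true, source, received };
  } catch (e) {
    return { ok: false, source, error: e.name };
  }
}

const question = "What's your pet's name?"; // constructed sample
console.log(runHandler(renderNaive(question)));   // ok: false, SyntaxError
console.log(runHandler(renderLayered(question))); // argument arrives intact
```

Passing the value through a plain attribute such as `data-question="{{question}}"` and reading it inside the handler keeps it in a single HTML-attribute context, where entity escaping alone round-trips.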