Issue is created in [1]

[1] https://github.com/wso2/carbon-uuf/issues/193

Thanks

On Tue, Feb 28, 2017 at 11:53 AM, Nuwandi Wickramasinghe <nuwan...@wso2.com>
wrote:

> Does this encoding work properly when sent in JavaScript attributes as
> well? I recently noticed that the following type of calls do not work as
> expected if the value *question* contains a single quote.
>
> <a onclick="editQuestion('{{question}}')">
>
>
> On Tue, Jan 31, 2017 at 11:04 PM, Manuranga Perera <m...@wso2.com> wrote:
>
>> UUF automatically escapes sensitive characters [1]. Please don't use
>> 'encoding' for 'escaping'.
>>
>> [1] https://github.com/jknack/handlebars.java/blob/1f6c48e606dc1303d1e92a0a0eaa94120eba64fd/handlebars/src/main/java/com/github/jknack/handlebars/EscapingStrategy.java#L82
>>
>> On Tue, Jan 31, 2017 at 5:23 PM, Jayanga Kaushalya <jayan...@wso2.com>
>> wrote:
>>
>>> Hi Manuranga,
>>>
>>> This is not because of a security reason. The security question set id
>>> may contain HTML special characters. So the set id is sent to the UI after
>>> encoding to Base64.
>>>
>>> Thanks!
>>>
>>> *Jayanga Kaushalya*
>>> Software Engineer
>>> Mobile: +94777860160
>>> WSO2 Inc. | http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> On Tue, Jan 31, 2017 at 10:42 PM, Manuranga Perera <m...@wso2.com>
>>> wrote:
>>>
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: Manuranga Perera <m...@wso2.com>
>>>> Date: Tue, Jan 31, 2017 at 5:11 PM
>>>> Subject: Security questions are encoded
>>>> To: Johann Nallathamby <joh...@wso2.com>, Jayanga Kaushalya <
>>>> jayan...@wso2.com>, Isura Karunaratne <is...@wso2.com>
>>>>
>>>>
>>>> Security questions are base64 encoded [1]. If they are encrypted (e.g.
>>>> RSA) or hashed (e.g. SHA) I can understand that it's for security reasons.
>>>> All this does is obfuscation, poorly even at that, since base64 can be
>>>> easily decoded.
>>>>
>>>> Or is it done for non-security reasons, like escaping special
>>>> characters?
>>>>
>>>> [1] https://github.com/wso2/product-is/blob/6.0.x-C5_m3/portal/osgi-services/org.wso2.is.portal.user.client.api/src/main/java/org/wso2/is/portal/user/client/api/ChallengeQuestionManagerClientServiceImpl.java#L113
>>>>
>>>> --
>>>> With regards,
>>>> *Manu*ranga Perera.
>>>>
>>>> phone : 071 7 70 20 50
>>>> mail : m...@wso2.com
>>>>
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>
>>
>>
>
>
> --
>
> Best Regards,
>
> Nuwandi Wickramasinghe
>
> Software Engineer
>
> WSO2 Inc.
>
> Web : http://wso2.com
>
> Mobile : 0719214873
>
>


-- 
Denuwanthi De Silva
Senior Software Engineer;
WSO2 Inc.; http://wso2.com,
Email: denuwan...@wso2.com
Blog: https://denuwanthi.wordpress.com/
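
Added example (not part of any message in this thread, and not UUF or Handlebars code): a Node.js sketch of why the quoted `onclick="editQuestion('{{question}}')"` call breaks on a single quote. The browser decodes HTML entities in the attribute before compiling the handler, so HTML escaping alone does not protect a JavaScript string literal. All function names and the sample question are constructed for illustration, and `htmlEscape` only approximates Handlebars-style escaping.

```javascript
// Added example; all names and the sample value are constructed for illustration.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '`': '&#x60;' };

// Approximation of Handlebars-style HTML entity escaping (assumed character set).
function htmlEscape(s) {
  return String(s).replace(/[&<>"'`]/g, (c) => ENTITIES[c]);
}

// What the HTML parser does to an attribute value before the handler is compiled:
// character references turn back into literal characters (&amp; handled last).
function decodeAttribute(s) {
  return s
    .replace(/&#x([0-9a-f]+);/gi, (_, hex) => String.fromCodePoint(parseInt(hex, 16)))
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&quot;/g, '"')
    .replace(/&amp;/g, '&');
}

// JavaScript string-literal escaping: every character outside [A-Za-z0-9 ] becomes \uXXXX.
function jsStringEscape(s) {
  return String(s).replace(/[^A-Za-z0-9 ]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Compile and run the handler source the way the browser would after decoding the
// attribute; editQuestion is a stub that records the argument it receives.
function runHandler(attributeValue) {
  let received;
  try {
    new Function('editQuestion', decodeAttribute(attributeValue))((q) => { received = q; });
  } catch (e) {
    return { ok: false, error: e.name };
  }
  return { ok: true, received };
}

const question = "What's your pet's name?"; // constructed sample

// 1. Pattern from the thread: HTML escaping only, inside a JS string in onclick.
const htmlOnly = `editQuestion('${htmlEscape(question)}')`;
// 2. Layered: escape for the JS string first, then for the HTML attribute.
const layered = `editQuestion('${htmlEscape(jsStringEscape(question))}')`;
// 3. Keep data out of script: data-question="{{question}}" read via this.dataset.question,
//    where HTML escaping alone is the correct encoding.
const dataAttribute = decodeAttribute(htmlEscape(question));

console.log(runHandler(htmlOnly));
console.log(runHandler(layered));
console.log(dataAttribute === question);
```

Base64 also yields a value that is safe inside the quoted string, but only because its alphabet contains no quote or backslash; the receiving code must then decode it, which is the overhead the thread questions.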