MyFaces CODI / EXTCDI-87

ExternalContext.encodeActionUrl() must not be used for URL parameter values

    Details

      Description

      Currently there are some places where we're using ExternalContext.encodeActionUrl(). Sometimes the value is a whole URL - in this case encodeActionUrl() fits. However sometimes we're using it to encode a URL parameter value, which is wrong, because this method is designed to encode the final URL including all parameters and thus does not encode parameter values as expected.

      The right way is to use URLEncoder.encode() for URL parameter values. See MyFaces' ExternalContext impl for details: ServletExternalContextImpl.encodeURL().
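
      The difference described above, as an added example that is not part of the original issue or of CODI's code. `encodeWholeUrl` is a hypothetical stand-in for `ExternalContext.encodeActionUrl()` under the assumption of a servlet container, where the call only rewrites a finished URL (for example for session tracking); the path, the parameter name `param` and the sample value are constructed.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class ParamValueEncodingDemo {

    // Hypothetical stand-in (assumption) for ExternalContext.encodeActionUrl()
    // in a servlet container: it rewrites a finished URL and does not
    // percent-encode anything inside it.
    static String encodeWholeUrl(String url) {
        return url;
    }

    // Splits a query string the way a server does: on '&', then on the first '='.
    static Map<String, String> parseQuery(String url) throws Exception {
        Map<String, String> params = new LinkedHashMap<>();
        String query = url.substring(url.indexOf('?') + 1);
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(name, "UTF-8"),
                       URLDecoder.decode(value, "UTF-8"));
        }
        return params;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value containing URL metacharacters.
        String value = "a&b=c d";
        String base = "/app/page.xhtml?param=";

        // Wrong: a whole-URL encoder applied to a single parameter value.
        // The '&' and '=' survive, so the receiver sees two parameters.
        String wrong = base + encodeWholeUrl(value);

        // Right: percent-encode the value first, then assemble the URL.
        // The receiver gets one parameter holding the original value.
        String right = base + URLEncoder.encode(value, "UTF-8");

        System.out.println(wrong + " -> " + parseQuery(wrong));
        System.out.println(right + " -> " + parseQuery(right));
    }
}
```

      When reviewing callers, any value that reaches a URL through string concatenation without `URLEncoder.encode()` can change the parameter set the receiving side parses.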


          People

          • Assignee: Jakob Korherr
          • Reporter: Jakob Korherr