Description
If you define a url with parameters or contains url encoded parameters, the output from WidgetWorker.buildHyperlinkUrl may be invalid. This is because of using StringUtil.defaultWebEncoder.canonicalize(localRequestName).
eg
abc=&or1=123 -> abc=?1=123
abc=&to1=123 -> abc=&to1=123 (this one is fine)
abc=&and1=123 -> abc=?1=123
abc=>abc=123 -> abc=>abc=123
The owasp HTMLEntityCodec seems to look for special sequences (or, and, gt, lt etc) and change them. This to me is invalid because url encoding and html encoding are different
Why are the urls encoding the ampersands anyway? (String localRequestName = UtilHttp.encodeAmpersands(target).
Attachments
Attachments
Issue Links
- is broken by
-
OFBIZ-3382 inter-app hyperlink generates incorrect url
- Closed
- is duplicated by
-
OFBIZ-5953 Problem with new UtilCodec code caused by HTMLEntityCodec.decode()
- Closed
- relates to
-
OFBIZ-6034 Widget Refactoring: Refactor how links are rendered
- Open