[OFBIZ-5910] WidgetWorker.buildHyperlinkUrl generates invalid url when using certain sequences of characters - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Trunk
Fix Version/s: 14.12.01, 16.11.01
Component/s: framework
Labels:
None

Description

If you define a url with parameters or contains url encoded parameters, the output from WidgetWorker.buildHyperlinkUrl may be invalid. This is because of using StringUtil.defaultWebEncoder.canonicalize(localRequestName).

eg
abc=&or1=123 -> abc=?1=123
abc=&to1=123 -> abc=&to1=123 (this one is fine)
abc=&and1=123 -> abc=?1=123
abc=&gtabc=123 -> abc=>abc=123

The owasp HTMLEntityCodec seems to look for special sequences (or, and, gt, lt etc) and change them. This to me is invalid because url encoding and html encoding are different

Why are the urls encoding the ampersands anyway? (String localRequestName = UtilHttp.encodeAmpersands(target).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

WidgetWorker.patch
31/Dec/14 14:54
2 kB
Gareth Carter

Issue Links

is broken by

OFBIZ-3382 inter-app hyperlink generates incorrect url

Closed

is duplicated by

OFBIZ-5953 Problem with new UtilCodec code caused by HTMLEntityCodec.decode()

Closed

relates to

OFBIZ-6034 Widget Refactoring: Refactor how links are rendered

Open

Activity

People

Assignee:: Jacopo Cappellato

Reporter:: Gareth Carter

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 18/Dec/14 11:27

Updated:: 16/Feb/15 09:03

Resolved:: 16/Feb/15 07:42