The StripFilter maintains a cache for inlined javascript code and inlined css rules. The idea is to minify the code only once. The key of the cache ist calculated by simply using the hashCode method on the input string. This usage of the hashCode function is wrong, because no collision detection is possible.

      Two totally different string values may have the same hashCode. This will result in a situation where the first value is replaced by the second one. If later the minified version of the first string is to be taken from the cache, the second value is retrieved.

      There are even some algorithms to generate a string that for a given hash code value (see for example

      This bug is a very nasty one, because almost always things are running good. But in very rare situations the cache returns the wrong value. The following test code show an example:

      		assertEquals("HashCode values must not be used as keys".hashCode(), "I<EZH@$YJVK[".hashCode());

      As workaround you can disable the minifying of inlined javascript and css code by setting the property minifier.inline.content.cache.size to 0.


          Issue Links



              • Votes:
                0 Vote for this issue
                0 Start watching this issue


                • Created:
                  Days since last comment:
                  4 years, 40 weeks, 4 days ago