Details

    • Branch Version/s:
      6.1.x, 6.0.x
    • Backported to Branch:
      Committed
    • Caused by:
      Feature/improvement was not complete
    • Where was the bug?:
      Java
    • Added to Fix Pack:
      Added

      Description

      The StripFilter maintains a cache for inlined javascript code and inlined css rules. The idea is to minify the code only once. The key of the cache ist calculated by simply using the hashCode method on the input string. This usage of the hashCode function is wrong, because no collision detection is possible.

      Two totally different string values may have the same hashCode. This will result in a situation where the first value is replaced by the second one. If later the minified version of the first string is to be taken from the cache, the second value is retrieved.

      There are even some algorithms to generate a string that for a given hash code value (see for example http://java-bytes.blogspot.com/2009/10/hashcode-of-string-in-java.html).

      This bug is a very nasty one, because almost always things are running good. But in very rare situations the cache returns the wrong value. The following test code show an example:

      		assertEquals("HashCode values must not be used as keys".hashCode(), "I<EZH@$YJVK[".hashCode());
      

      As workaround you can disable the minifying of inlined javascript and css code by setting the property minifier.inline.content.cache.size to 0.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  3 years, 19 weeks, 2 days ago