We have found an annoying behavior with user fullname escaping.
"User.getFullName()" calls "ContactConstants.getFullName()". This function ends with
For the user with
firstName = Claudio
lastName = Dall'Antonia
fullName will be "Claudio Dall'Antonia".
GroupImpl.java has getDescriptiveName() method. This method return:
- organization.getName() when group is "organization group"
- layout.getName() when group is a "scope group"
- group.getName() when group is a "community"
- user.getFullName() when group is a "user group"
except "user.getFullName()" all values are unescaped.
So, into the jsp, when you write "HtmlUtil.escape(group.getDescriptiveName()":
- an organization named "Bottega dell'Arrotino" become "Bottega dell'Arrotino" and shown correctly
- then user named "Claudio Dall'Antonia" become "Claudio Dall'Antonia" and shown badly
I suggest to alter group.getDescriptiveName to return always an escaped value