Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-49315

'&' character in URLs are not escaped

    XMLWordPrintable

    Details

      Description

      The '&' character in URLs are not escaped. This causes the page to not validate as HTML.

      1. http://localhost/web/guest/home
      2. Make sure the Sign In portlet is on the page (If it's not on the page, add it and refresh the page)
      3. View the page's source

      Actual Result:

       <link href="http://localhost:8080/html/portlet/login/css/main.css?browserId=firefox&themeId=classic&languageId=en_US&b=7000&t=1407903478864" rel="stylesheet" type="text/css" />

      Expected Result:
      The & character should be escaped

      Other Occurrences:

      <li class="site-add-controls " id="urhl_" role="presentation" data-panelURL="http://localhost:8080/web/guest/home?p_p_id=145&p_p_lifecycle=0&p_p_state=exclusive&p_p_mode=view&_145_viewEntries=true&_145_stateMaximized=false&_145_struts_action=%2Fdockbar%2Fadd_panel" >

      <li class="page-preview-controls " id="slij_" role="presentation" data-panelURL="http://localhost:8080/web/guest/home?p_p_id=145&p_p_lifecycle=0&p_p_state=exclusive&p_p_mode=view&_145_struts_action=%2Fdockbar%2Fpreview_panel" >

      <li class="page-edit-controls " id="ldbt_" role="presentation" data-panelURL="http://localhost:8080/web/guest/home?p_p_id=145&p_p_lifecycle=0&p_p_state=exclusive&p_p_mode=view&_145_selPlid=10188&_145_struts_action=%2Fdockbar%2Fedit_layout_panel&_145_closeRedirect=http%3A%2F%2Flocalhost%2Fweb%2Fguest%2Fhome" >
      • The "href" attribute in <aui:nav-item>
      • The "onClick" attribute in <liferay-portlet:icon-configuration>
      • The "onClick" attribute in <liferay-portlet:icon-export-import>
      • The "onClick" attribute in <liferay-portlet:icon-maximize>
      • The "url" attribute in <liferay-ui:tabs>
      • PortletDisplay.getURLConfigurationJS()

      In User Statistics portlet

      <a href="http://localhost/web/guest/home?p_p_id=86&p_p_lifecycle=0&p_p_state=pop_up&p_p_col_id=column-1&p_p_col_count=2&_86_struts_action=%2Fportlet_configuration%2Fedit_configuration&_86_redirect=%2F&_86_returnToFullPageURL=%2F&_86_portletResource=180&_86_resourcePrimKey=10188_LAYOUT_180&_86_" onClick="..."> Please configure this portlet and select at least one ranking criteria. </a>

      In Tags Admin

      <li class=" " id="_99_tagsPermissionsButton" role="presentation" data-url="http://localhost/group/control_panel/manage?p_p_id=86&p_p_lifecycle=0&p_p_state=pop_up&doAsGroupId=10185&refererPlid=10188&controlPanelCategory=current_site.content&_86_struts_action=%2Fportlet_configuration%2Fedit_permissions&_86_portletResource=99&_86_modelResource=com.liferay.portlet.asset&_86_modelResourceDescription=Liferay&_86_resourceGroupId=10185&_86_resourcePrimKey=10185" >

        Attachments

          Issue Links

          relates

          Bug - A problem which impairs or prevents the functions of the product. LPE-15973 '&' characters in URLs are not escaped

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Activity

              People

              Assignee:
              felix.zhang Felix Zhang
              Reporter:
              samuel.kong Samuel Kong
              Participants of an Issue:
              Recent user:
              Enterprise Release HU
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                3 years, 40 weeks, 3 days ago

                  Packages

                  Version Package
                  6.2.X EE
                  7.0.0 M3