Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-66794

Result of escapeCSS is incorrect if the escaped character is followed by a number

Details

    Description

      <style type="text/css">
      h1:before {
          content: "<%= HtmlUtil.escapeCSS("'1") %>";
      }
      </style>
      <h1>Hello World</h1>
      

      Expected result
      '1Hello World
      Actual result
      ╔▒Hello World

      The problem is ' is escaped to \27. However, the next character is 1. So you end up with \271, which is different character.

      Attachments

        Issue Links

          Activity

            People

              melody.wu Melody Wu
              samuel.kong Samuel Kong
              Kiyoshi Lee Kiyoshi Lee
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                6 years, 50 weeks, 1 day ago

                Packages

                  Version Package
                  6.2.X EE
                  7.0.0 DXP FP1
                  7.0.2 CE GA3
                  7.0.0 DXP SP1
                  7.0.3 CE GA4
                  7.1.X
                  Master