Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-66794

Result of escapeCSS is incorrect if the escaped character is followed by a number

    Details

      Description

      <style type="text/css">
      h1:before {
          content: "<%= HtmlUtil.escapeCSS("'1") %>";
      }
      </style>
      <h1>Hello World</h1>
      

      Expected result
      '1Hello World
      Actual result
      ╔▒Hello World

      The problem is ' is escaped to \27. However, the next character is 1. So you end up with \271, which is different character.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                melody.wu Melody Wu
                Reporter:
                samuel.kong Samuel Kong
                Participants of an Issue:
                Recent user:
                Csaba Turcsan
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  3 years, 13 weeks, 3 days ago

                  Packages

                  Version Package
                  6.2.X EE
                  7.0.0 DXP FP1
                  7.0.2 CE GA3
                  7.0.0 DXP SP1
                  7.0.3 CE GA4
                  7.1.X
                  Master