[LPS-66889] Clarify Javadocs for HtmlImpl.escapeAttribute - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 6.2.10 EE GA1, 7.0.1 CE GA2
Fix Version/s: 7.0.0 DXP FP1, 7.0.2 CE GA3, 7.0.0 DXP SP1, 7.0.3 CE GA4, Master
Component/s: Documentation
Labels:
- liferay-digital-enterprise-70-sp1
- liferay-fixpack-de-1-7010

Branch Version/s:

7.0.x
Backported to Branch:

Committed
Story Points:
1
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/41821

Description

Make it clear that escapeAttribue can only be used if it's used with a quoted attribute. That is:

<div title="<%= HtmlUtil.escapeAttribute(untrustedValue) %>">

is ok. However,

<div title=<%= HtmlUtil.escapeAttribute(untrustedValue) %>>

is not ok.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

7.0pass.jpg
8 kB
27/Jul/16 7:27 PM
7.0 reproduce.jpg
12 kB
27/Jul/16 7:27 PM
masterpass.jpg
13 kB
27/Jul/16 7:27 PM

Activity

People

Assignee:

Steven Gao (Inactive)

Reporter:

Samuel Kong

Participants of an Issue:

Samuel Kong, Steven Gao

Recent user:

Csaba Turcsan

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

29/Jun/16 1:11 AM

Updated:

09/May/19 8:10 AM

Resolved:

25/Jul/16 1:23 PM

Days since last comment:

3 years, 31 weeks, 1 day ago

Packages

Version	Package
7.0.0 DXP FP1
7.0.2 CE GA3
7.0.0 DXP SP1
7.0.3 CE GA4
Master