[LPS-66889] Clarify Javadocs for HtmlImpl.escapeAttribute - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 6.2.10 EE GA1, 7.0.1 CE GA2
Fix Version/s: 7.0.0 DXP FP1, 7.0.2 CE GA3, 7.0.0 DXP SP1, 7.0.3 CE GA4, Master
Component/s: Documentation
Labels:
- liferay-digital-enterprise-70-sp1
- liferay-fixpack-de-1-7010

Branch Version/s:

7.0.x
Backported to Branch:

Committed
Story Points:
1
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/41821

Description

Make it clear that escapeAttribue can only be used if it's used with a quoted attribute. That is:

<div title="<%= HtmlUtil.escapeAttribute(untrustedValue) %>">

is ok. However,

<div title=<%= HtmlUtil.escapeAttribute(untrustedValue) %>>

is not ok.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

7.0pass.jpg
8 kB
27/Jul/16 7:27 PM
7.0 reproduce.jpg
12 kB
27/Jul/16 7:27 PM
masterpass.jpg
13 kB
27/Jul/16 7:27 PM

Activity

People

Assignee:: Steven Gao (Inactive)

Reporter:: Samuel Kong

Participants of an Issue:: Samuel Kong, Steven Gao

Recent user:: Csaba Turcsan

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 29/Jun/16 1:11 AM

Updated:: 09/May/19 8:10 AM

Resolved:: 25/Jul/16 1:23 PM

Days since last comment:: 5 years, 9 weeks, 4 days ago

Packages

Version	Package
7.0.0 DXP FP1
7.0.2 CE GA3
7.0.0 DXP SP1
7.0.3 CE GA4
Master