Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-66889

Clarify Javadocs for HtmlImpl.escapeAttribute

    Details

      Description

      Make it clear that escapeAttribue can only be used if it's used with a quoted attribute. That is:

      <div title="<%= HtmlUtil.escapeAttribute(untrustedValue) %>">

      is ok. However,

      <div title=<%= HtmlUtil.escapeAttribute(untrustedValue) %>>

      is not ok.

        Attachments

        1. 7.0pass.jpg
          7.0pass.jpg
          8 kB
        2. 7.0 reproduce.jpg
          7.0 reproduce.jpg
          12 kB
        3. masterpass.jpg
          masterpass.jpg
          13 kB

          Activity

            People

            • Assignee:
              steven.gao Steven Gao (Inactive)
              Reporter:
              samuel.kong Samuel Kong
              Participants of an Issue:
              Recent user:
              Csaba Turcsan
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                3 years, 31 weeks, 1 day ago

                Packages

                Version Package
                7.0.0 DXP FP1
                7.0.2 CE GA3
                7.0.0 DXP SP1
                7.0.3 CE GA4
                Master