-
Type:
Bug
-
Status: Closed
-
Resolution: Won't Fix
-
Affects Version/s: 7.0.3 CE GA4
-
Fix Version/s: None
-
Component/s: Application Security, Core Infrastructure > Util
-
Labels:None
Invalid characters between index 128 (inclusive) and 256 (hex 80 (inclusive) and 100) are not escaped by HtmlUtil.escape().
Steps to reproduce:
- Download and unzip the attached project.
- Test the project:
mvn clean package
If the bug still exists the tests will fail and the following errors will appear:
Failed tests: HtmlImpl_escape_Test.testHtmlImpl_escape:32 expected:<[»]> but was:<[»]> HtmlImpl_escape_Test.testHtmlImpl_escape0084:52 expected:<[ ]> but was:<[]> HtmlImpl_escape_Test.testHtmlImpl_escape0086:57 expected:<[ ]> but was:<[]> HtmlImpl_escape_Test.testHtmlImpl_escape009f:62 expected:<[ ]> but was:<[]> HtmlImpl_escape_Test.testHtmlImpl_escape00bb:47 expected:<[»]> but was:<[»]>
If the bug is fixed, the tests will pass.
Note that the tests can be run with the portal-kernel and portal-impl versions from Liferay 7.0.2 GA3 like so:
mvn clean package -P 7.0.2-ga3
The tests pass with the Liferay 7.0.2 GA3 portal-kernal and portal-impl.
The code that causes the error is on lines 121-123:
if ((c < 256) && ((c >= 128) || _VALID_CHARS[c])) { continue; }
Note that lines 140-142 of HtmlImpl indicate the intention to escape 'u00bb' to "»". Lines 152-156 indicate the intention to escape 'u0084', 'u0086', and 'u009f' to a space (" "). None of these replacements occur since the characters are between index 128 (inclusive) and 256 (hex 80 (inclusive) and 100).
- is caused by
-
- Closed