Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-75183

HtmlUtil.escape() fails to escape/remove invalid characters between 128 (inclusive) and 256

    Details

      Description

      Invalid characters between index 128 (inclusive) and 256 (hex 80 (inclusive) and 100) are not escaped by HtmlUtil.escape().

      Steps to reproduce:

      1. Download and unzip the attached project.
      2. Test the project:
         mvn clean package
        

      If the bug still exists the tests will fail and the following errors will appear:

      Failed tests:
        HtmlImpl_escape_Test.testHtmlImpl_escape:32 expected:<[&#187;]> but was:<[»]>
        HtmlImpl_escape_Test.testHtmlImpl_escape0084:52 expected:<[ ]> but was:<[„]>
        HtmlImpl_escape_Test.testHtmlImpl_escape0086:57 expected:<[ ]> but was:<[†]>
        HtmlImpl_escape_Test.testHtmlImpl_escape009f:62 expected:<[ ]> but was:<[Ÿ]>
        HtmlImpl_escape_Test.testHtmlImpl_escape00bb:47 expected:<[&#187;]> but was:<[»]>
      

      If the bug is fixed, the tests will pass.

      Note that the tests can be run with the portal-kernel and portal-impl versions from Liferay 7.0.2 GA3 like so:

      mvn clean package -P 7.0.2-ga3
      

      The tests pass with the Liferay 7.0.2 GA3 portal-kernal and portal-impl.

      The code that causes the error is on lines 121-123:

      if ((c < 256) && ((c >= 128) || _VALID_CHARS[c])) {
          continue;
      }
      

      Note that lines 140-142 of HtmlImpl indicate the intention to escape 'u00bb' to "&#187;". Lines 152-156 indicate the intention to escape 'u0084', 'u0086', and 'u009f' to a space (" "). None of these replacements occur since the characters are between index 128 (inclusive) and 256 (hex 80 (inclusive) and 100).

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  2 years, 5 weeks ago

                  Packages

                  Version Package