This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release22.01 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release22.01 by this push: new 02387ffea7 Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691) 02387ffea7 is described below commit 02387ffea720dd5f45b2abb34dc61e0f39868d97 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Tue Sep 13 13:16:22 2022 +0200 Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691) Forgot to update UtilCodecTests::testCheckStringForHtmlSafe. UtilCodec::checkStringForHtmlSafe now returns HTML entities for quotes (single or double) --- .../base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java b/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
index 2603bd191e..c93c6ad55a 100644
--- a/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
+++ b/framework/base/src/test/java/org/apache/ofbiz/base/util/UtilCodecTests.java
@@ -101,7 +101,7 @@ public class UtilCodecTests {
 List<String> errorList = new ArrayList<>();
 String canonicalizedXssVector = UtilCodec.checkStringForHtmlSafe("fieldName", xssVector, errorList,
 new Locale("test"), true); // labels are not available in testClasses Gradle task
- assertEquals("<script>alert('XSS vector');</script>", canonicalizedXssVector);
+ assertEquals("<script>alert('XSS vector');</script>", canonicalizedXssVector);
 assertEquals(1, errorList.size());
 assertEquals("In field [fieldName] by our input policy, your input has not been accepted for security reason. "
 + "Please check and modify accordingly, thanks.", errorList.get(0));
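Review bot: The changed `assertEquals(..., canonicalizedXssVector)` line has no comment explaining what the returned string is. As shown, the expected value still contains the script element, and rejection is visible only through `errorList`. A maintainer could read the return value as sanitized output, so I would add above the assertion: `// Returned value is the canonicalized input (quotes entity-encoded), NOT sanitized markup; rejection is reported via errorList`. The commit message says quotes, single or double, now come back as HTML entities, but this hunk checks a single vector (defined outside the hunk), so a second assertion for the other quote style would pin both branches. The old and new expected strings render identically on this page, presumably because the archive decoded the entities, so the exact new literal cannot be confirmed from here. The enclosing test method starts and ends outside the hunk.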