[
https://issues.apache.org/jira/browse/EXTCDI-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jakob Korherr resolved EXTCDI-87.
---------------------------------
Resolution: Fixed
Fix Version/s: 0.9.1
> ExternalContext.encodeActionUrl() must not be used for URL parameter values
> ---------------------------------------------------------------------------
>
> Key: EXTCDI-87
> URL: https://issues.apache.org/jira/browse/EXTCDI-87
> Project: MyFaces CODI
> Issue Type: Bug
> Components: JEE-JSF12-Module, JEE-JSF20-Module
> Affects Versions: 0.9.0
> Reporter: Jakob Korherr
> Assignee: Jakob Korherr
> Fix For: 0.9.1
>
>
> Currently there are some places where we're using
> ExternalContext.encodeActionUrl(). Sometimes the value is a whole URL - in
> this case encodeActionUrl() fits. However sometimes we're using it to encode
> a URL parameter value, which is wrong, because this method is designed to
> encode the final URL including all parameters and thus does not encode
> parameter values as expected.
> The right way is to use URLEncoder.encode() for URL parameter values. See
> MyFaces' ExternalContext impl for details:
> ServletExternalContextImpl.encodeURL().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
