Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0002875Openbravo ERPZ. Otherspublic2008-04-16 08:542008-07-02 17:27
Reportercromero 
Assigned Toalostale 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version2.40beta 
Merge Request Status
Review Assigned To
OBNetwork customerNo
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0002875: Generated pages do not allow double quotes (")
DescriptionIf you try to put double quotes in a text field, when you save data, any character after the double quoote is removed.
Steps To Reproduce
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
depends on backport 0003708 closed alostale Generated pages do not allow double quotes (") 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2008-07-02 17:27plujanStatusresolved => closed
2008-07-02 17:27plujanFixed in Version2.40alpha-r2 => 2.40beta

Notes
(0006464)
user71   
2005-06-01 00:00   
(edited on: 2008-06-12 09:43)
This bug was originally reported in SourceForge bug tracker and then migrated to Mantis.

You can see the original bug report in:
https://sourceforge.net/support/tracker.php?aid=1943668 [^]
(0003545)
villind   
2008-04-28 11:12   
(edited on: 2008-06-12 09:25)
Logged In: YES
user_id=61737
Originator: NO

I would say that the priority for this is definitely higher and needs to be fixed in maintenance branch also.
(0003546)
villind   
2008-04-28 14:35   
(edited on: 2008-06-12 09:25)
Logged In: YES
user_id=61737
Originator: NO

Also textarea content is not escaped properly. Try for example adding following in the Sales Order description field:


 This breaks </textarea> <img src="http://www.freebsd.org/layout/images/beastie.png"/> [^]
(0003547)
villind   
2008-04-29 21:23   
(edited on: 2008-06-12 09:25)
Logged In: YES
user_id=61737
Originator: NO

Experimental patch created, see:
https://sourceforge.net/tracker/index.php?func=detail&aid=1954404&group_id=162271&atid=823131 [^]
(0003548)
alostale   
2008-05-09 17:34   
(edited on: 2008-06-12 09:25)
Logged In: YES
user_id=1500722
Originator: NO

XMLEngine already implements an attribute to this kind of characters parsing: replaceCharacters="htmlPreformated"

r4101
(0003549)
villind   
2008-05-09 22:28   
(edited on: 2008-06-12 09:25)
Logged In: YES
user_id=61737
Originator: NO

Ok, I understand the fix for text within XML element, but not really for XML attributes. Why would XMLEngine ever write an attribute value without escaping it?
(0003550)
alostale   
2008-05-12 09:53   
(edited on: 2008-06-12 09:25)
Logged In: YES
user_id=1500722
Originator: NO

Maybe I didn't explain it enough well.

replaceCharacters is an XMLEngine attribute which replaces the assigned value escaping the characters, it affects to the passed text but not to the attribute.
(0003551)
villind   
2008-05-12 15:20   
(edited on: 2008-06-12 09:25)
Logged In: YES
user_id=61737
Originator: NO

Yes, I understand, but it is possible to prin broken XML with src-core/src/org/openbravo/xmlEngine/AttributeItemValue.java

I can't find any usecase where that should not escape the attribute value.
(0003552)
villind   
2008-05-18 17:55   
(edited on: 2008-06-12 09:25)
Logged In: YES
user_id=61737
Originator: NO

Textareas still break with 2.40alpha-r1