0002875: Generated pages do not allow double quotes (")

(0003545)
villind (viewer)
2008-04-28 11:12
edited on: 2008-06-12 09:25

Logged In: YES
user_id=61737
Originator: NO

I would say that the priority for this is definitely higher and needs to be fixed in maintenance branch also.

(0003546)
villind (viewer)
2008-04-28 14:35
edited on: 2008-06-12 09:25

Logged In: YES
user_id=61737
Originator: NO

Also textarea content is not escaped properly. Try for example adding following in the Sales Order description field:

This breaks </textarea> <img src="http://www.freebsd.org/layout/images/beastie.png"/> [^]

(0003547)
villind (viewer)
2008-04-29 21:23
edited on: 2008-06-12 09:25

Logged In: YES
user_id=61737
Originator: NO

Experimental patch created, see:
https://sourceforge.net/tracker/index.php?func=detail&aid=1954404&group_id=162271&atid=823131 [^]

(0003548)
alostale (viewer)
2008-05-09 17:34
edited on: 2008-06-12 09:25

Logged In: YES
user_id=1500722
Originator: NO

XMLEngine already implements an attribute to this kind of characters parsing: replaceCharacters="htmlPreformated"

r4101

(0003549)
villind (viewer)
2008-05-09 22:28
edited on: 2008-06-12 09:25

Logged In: YES
user_id=61737
Originator: NO

Ok, I understand the fix for text within XML element, but not really for XML attributes. Why would XMLEngine ever write an attribute value without escaping it?

(0003550)
alostale (viewer)
2008-05-12 09:53
edited on: 2008-06-12 09:25

Logged In: YES
user_id=1500722
Originator: NO

Maybe I didn't explain it enough well.

replaceCharacters is an XMLEngine attribute which replaces the assigned value escaping the characters, it affects to the passed text but not to the attribute.

(0003551)
villind (viewer)
2008-05-12 15:20
edited on: 2008-06-12 09:25

Logged In: YES
user_id=61737
Originator: NO

Yes, I understand, but it is possible to prin broken XML with src-core/src/org/openbravo/xmlEngine/AttributeItemValue.java

I can't find any usecase where that should not escape the attribute value.

(0003552)
villind (viewer)
2008-05-18 17:55
edited on: 2008-06-12 09:25

Logged In: YES
user_id=61737
Originator: NO

Textareas still break with 2.40alpha-r1

(0006464)
user71
2005-06-01 00:00
edited on: 2008-06-12 09:43

This bug was originally reported in SourceForge bug tracker and then migrated to Mantis.

You can see the original bug report in:
https://sourceforge.net/support/tracker.php?aid=1943668 [^]

Issue History
Date Modified	Username	Field	Change
2008-07-02 17:27	plujan	Status	resolved => closed
2008-07-02 17:27	plujan	Fixed in Version	2.40alpha-r2 => 2.40beta

Notes
(0003545) villind (viewer) 2008-04-28 11:12 edited on: 2008-06-12 09:25	Logged In: YES user_id=61737 Originator: NO I would say that the priority for this is definitely higher and needs to be fixed in maintenance branch also.

(0003546) villind (viewer) 2008-04-28 14:35 edited on: 2008-06-12 09:25	Logged In: YES user_id=61737 Originator: NO Also textarea content is not escaped properly. Try for example adding following in the Sales Order description field: This breaks </textarea> <img src="http://www.freebsd.org/layout/images/beastie.png"/> [^]

(0003547) villind (viewer) 2008-04-29 21:23 edited on: 2008-06-12 09:25	Logged In: YES user_id=61737 Originator: NO Experimental patch created, see: https://sourceforge.net/tracker/index.php?func=detail&aid=1954404&group_id=162271&atid=823131 [^]

(0003548) alostale (viewer) 2008-05-09 17:34 edited on: 2008-06-12 09:25	Logged In: YES user_id=1500722 Originator: NO XMLEngine already implements an attribute to this kind of characters parsing: replaceCharacters="htmlPreformated" r4101

(0003549) villind (viewer) 2008-05-09 22:28 edited on: 2008-06-12 09:25	Logged In: YES user_id=61737 Originator: NO Ok, I understand the fix for text within XML element, but not really for XML attributes. Why would XMLEngine ever write an attribute value without escaping it?

(0003550) alostale (viewer) 2008-05-12 09:53 edited on: 2008-06-12 09:25	Logged In: YES user_id=1500722 Originator: NO Maybe I didn't explain it enough well. replaceCharacters is an XMLEngine attribute which replaces the assigned value escaping the characters, it affects to the passed text but not to the attribute.

(0003551) villind (viewer) 2008-05-12 15:20 edited on: 2008-06-12 09:25	Logged In: YES user_id=61737 Originator: NO Yes, I understand, but it is possible to prin broken XML with src-core/src/org/openbravo/xmlEngine/AttributeItemValue.java I can't find any usecase where that should not escape the attribute value.

(0003552) villind (viewer) 2008-05-18 17:55 edited on: 2008-06-12 09:25	Logged In: YES user_id=61737 Originator: NO Textareas still break with 2.40alpha-r1

(0006464) user71 2005-06-01 00:00 edited on: 2008-06-12 09:43	This bug was originally reported in SourceForge bug tracker and then migrated to Mantis. You can see the original bug report in: https://sourceforge.net/support/tracker.php?aid=1943668 [^]