myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jakob Korherr (JIRA)" <...@myfaces.apache.org>
Subject [jira] Resolved: (EXTCDI-87) ExternalContext.encodeActionUrl() must not be used for URL parameter values
Date Sat, 27 Nov 2010 10:09:16 GMT

     [ https://issues.apache.org/jira/browse/EXTCDI-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jakob Korherr resolved EXTCDI-87.
---------------------------------

       Resolution: Fixed
    Fix Version/s: 0.9.1

> ExternalContext.encodeActionUrl() must not be used for URL parameter values
> ---------------------------------------------------------------------------
>
>                 Key: EXTCDI-87
>                 URL: https://issues.apache.org/jira/browse/EXTCDI-87
>             Project: MyFaces CODI
>          Issue Type: Bug
>          Components: JEE-JSF12-Module, JEE-JSF20-Module
>    Affects Versions: 0.9.0
>            Reporter: Jakob Korherr
>            Assignee: Jakob Korherr
>             Fix For: 0.9.1
>
>
> Currently there are some places where we're using ExternalContext.encodeActionUrl().
Sometimes the value is a whole URL - in this case encodeActionUrl() fits. However sometimes
we're using it to encode a URL parameter value, which is wrong, because this method is designed
to encode the final URL including all parameters and thus does not encode parameter values
as expected.
> The right way is to use URLEncoder.encode() for URL parameter values. See MyFaces' ExternalContext
impl for details: ServletExternalContextImpl.encodeURL().

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message