
Revision 1815192


Author: jleroux
Date: Tue Nov 14 09:33:19 2017 UTC (6 years, 5 months ago)
Changed paths: 1
Log Message:
Improved: Fixing defects reported by FindBugs, package 
org.apache.ofbiz.securityext.login.
(OFBIZ-9637)

No functional change.

I prefer to use URLEncoder.encode(reqParam, "UTF-8") rather than ESAPI HTML 
encoder for 3 reasons:
* URLEncoder.encode() is sufficient to answer to HTTP response splitting using
  percent-encoding (aka URL encoding)
* Consistent and simpler code using basic Java
* Using "UTF-8" is (more than) recommended, see
  https://docs.oracle.com/javase/8/docs/api/java/net/URLEncoder.html

I will check what using ESAPI HTML encoder entails. As Javadoc says "Not doing
so may introduce incompatibilities." We have 30+ cases, they are maybe OK, but
we need to check...


Changed paths

Path: ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java
Details: modified, text changed
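
The percent-encoding point made in the log message above, as an added Java example that is not taken from this commit or from OFBiz: it compares a header value built from a raw request parameter with one passed through URLEncoder.encode(reqParam, "UTF-8"). The class name, helper names, URL path and parameter value are hypothetical and constructed for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;

public class RedirectParamEncoding {

    // Hypothetical helper: builds a Location header line from a request parameter.
    // The path "/control/main?target=" is an assumption, not OFBiz code.
    static String locationHeader(String reqParam, boolean encode)
            throws UnsupportedEncodingException {
        String value = encode ? URLEncoder.encode(reqParam, "UTF-8") : reqParam;
        return "Location: /control/main?target=" + value;
    }

    // Counts how many header lines a recipient would parse from the string:
    // any CR, LF or CRLF left in the value starts a new line.
    static int headerLines(String header) {
        return header.split("\r\n|\r|\n", -1).length;
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed input: a parameter carrying CR/LF plus a non-ASCII character.
        String reqParam = "caf\u00e9\r\nX-Injected: 1";

        String raw = locationHeader(reqParam, false);
        String encoded = locationHeader(reqParam, true);

        // The raw value splits into more than one header line; the encoded one cannot,
        // because CR, LF, ':' and the space are all rewritten before reaching the header.
        System.out.println("raw header lines:     " + headerLines(raw));
        System.out.println("encoded header lines: " + headerLines(encoded));
        System.out.println("encoded header:       " + encoded);

        // The receiving side recovers the original value only if it decodes
        // with the same charset that was used to encode.
        String wire = URLEncoder.encode(reqParam, "UTF-8");
        boolean sameCharset = reqParam.equals(URLDecoder.decode(wire, "UTF-8"));
        boolean otherCharset = reqParam.equals(URLDecoder.decode(wire, "ISO-8859-1"));
        System.out.println("decoded with UTF-8 matches:      " + sameCharset);
        System.out.println("decoded with ISO-8859-1 matches: " + otherCharset);
    }
}
```

URLEncoder.encode() rewrites CR and LF as %0D and %0A, so the encoded value stays on a single header line. The last two lines of output show why the charset argument matters: the non-ASCII character only round-trips when both sides use the same one.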
