Ofbiz: How to escape characters in ofbiz widget

**administractor** · 05-08-2015, 11:48 AM

I need to display in browser, a value that comes from url parameters. To avoid XSS attacks this value should to be escaped.

The value is set in PScreens.xml as following :

HTML Code:

<screen name="Product">
<section>
 <actions>
  <set field="productId" from-field="parameters.productId"/>
 </actions>
<widgets>
 ...
</widgets>

And is included in PForms.xml :

HTML Code:

<field name="productId" tooltip="${uiLabelMap.ProductId} [${productId}]"><text /></field>

Initially I tried to escape the value from PForms.xml:

HTML Code:

tooltip="${uiLabelMap.ProductId} [${productId}]"

but I did not found any solution.

Can you suggest a solution to escape the value from PScreens.xml?

HTML Code:

<set field="productId" from-field="parameters.productId"/>

Thank You.

**administractor** · 05-11-2015, 07:34 AM

Does anyone have any suggestions?

**administractor** · 07-23-2015, 08:30 AM

here is a bug in ofbiz, so we are waiting it to be fixed:
https://issues.apache.org/jira/brows...6506?filter=-2

related issues:
http://stackoverflow.com/questions/3...n-ofbiz-widget
http://stackoverflow.com/questions/3...y-xss-in-ofbiz

Thread: Ofbiz: How to escape characters in ofbiz widget

Thread Tools

Search Thread

Ofbiz: How to escape characters in ofbiz widget

Similar Threads

OFBiz

Ofbiz Application Need to Restart

Ofbiz: call same controller on refresh

ASK: Ofbiz Web Service Client

Getting Started with OfBiz

Bookmarks

Bookmarks

Posting Permissions