A fix for this one is fairly small:

In the ORBEON.xforms.Server.executeNextRequest function in xforms.js there's already logic to escape < characters:

    if (typeof event.value == "string")
        event.value = event.value.replace(XFORMS_REGEXP_OPEN_ANGLE, "&lt;");

This can be extended to escape ampersands also:

    if (typeof event.value == "string") {
        event.value = event.value.replace(XFORMS_REGEXP_OPEN_ANGLE, "&lt;");
        event.value = event.value.replace(XFORMS_REGEXP_AMPERSAND, "&amp;");
    }

Where XFORMS_REGEXP_AMPERSAND is a global similar to XFORMS_REGEXP_OPEN_ANGLE:

    var XFORMS_REGEXP_AMPERSAND = new RegExp("&", "g");

Adrian

Erik Bruchez wrote:

Adrian,

Ouch! I reproduced this and entered a bug:

http://forge.objectweb.org/tracker/index.php?func=detail&aid=306171&group_id=168&atid=350207

-Erik

Adrian Baker wrote:

If I enter the ampersand (&) character into a text field it causes an error. Looks like it's not being escaped correctly somewhere along the chain. Here's the stack trace:

org.orbeon.oxf.common.ValidationException: file:/C:/dev/Venice.orbeon/Common/CommonService/build/main/catalina-base/temp/upload_31688f_10dbe0a84f6__7ff4_00000109.tmp, line 6, column 110: Fatal error: The entity name must immediately follow the '&' in the entity reference.
file:/C:/dev/Venice.orbeon/Common/CommonService/build/main/catalina-base/temp/upload_31688f_10dbe0a84f6__7ff4_00000109.tmp, line 6, column 110: Fatal error: The entity name must immediately follow the '&' in the entity reference.
    at org.orbeon.oxf.xml.XMLUtils$ErrorHandler.fatalError(XMLUtils.java:207)
    at orbeon.apache.xerces.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:218)
    at orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:384)
    at orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:314)
    at orbeon.apache.xerces.impl.XMLScanner.reportFatalError(XMLScanner.java:1436)
    at orbeon.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEntityReference(XMLDocumentFragmentScannerImpl.java:1134)
    at orbeon.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1597)
    at orbeon.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:338)
    at orbeon.apache.xerces.parsers.XML11Configuration.parse(XML11Configuration.java:828)
    at orbeon.apache.xerces.parsers.XML11Configuration.parse(XML11Configuration.java:758)
    at orbeon.apache.xerces.parsers.XMLParser.parse(XMLParser.java:148)
    at orbeon.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1178)
    at org.orbeon.oxf.processor.generator.URLGenerator$URLResourceHandler.readXML(URLGenerator.java:791)
    at org.orbeon.oxf.processor.generator.URLGenerator$1.readImpl(URLGenerator.java:402)
    at org.orbeon.oxf.processor.ProcessorImpl$6.read(ProcessorImpl.java:1012)
    at org.orbeon.oxf.processor.ProcessorImpl$ProcessorOutputImpl$ConcreteProcessorFilter$ForwarderProcessorOutput.read(ProcessorImpl.java:966)
    at org.orbeon.oxf.processor.ProcessorImpl.readInputAsSAX(ProcessorImpl.java:348)
    at org.orbeon.oxf.processor.validation.MSVValidationProcessor.access$700(MSVValidationProcessor.java:44)
    at org.orbeon.oxf.processor.validation.MSVValidationProcessor$5.readImpl(MSVValidationProcessor.java:219)
    at org.orbeon.oxf.processor.ProcessorImpl$6.read(ProcessorImpl.java:1012)
    at org.orbeon.oxf.processor.ProcessorImpl$ProcessorOutputImpl.read(ProcessorImpl.java:1195)
    at org.orbeon.oxf.processor.ProcessorImpl$ProcessorOutputImpl$ConcreteProcessorFilter.read(ProcessorImpl.java:990)
    at org.orbeon.oxf.processor.ProcessorImpl$ProcessorOutputImpl.read(ProcessorImpl.java:1195)
    at org.orbeon.oxf.processor.ProcessorImpl.readInputAsSAX(ProcessorImpl.java:348)
    at org.orbeon.oxf.processor.ProcessorImpl.readInputAsDOM4J(ProcessorImpl.java:403)
    at org.orbeon.oxf.processor.ProcessorImpl.readInputAsDOM4J(ProcessorImpl.java:412)
    at org.orbeon.oxf.xforms.processor.XFormsServer.doIt(XFormsServer.java:102)
    at org.orbeon.oxf.xforms.processor.XFormsServer.access$000(XFormsServer.java:48)
    at org.orbeon.oxf.xforms.processor.XFormsServer$1.readImpl(XFormsServer.java:77)
    at org.orbeon.oxf.processor.ProcessorImpl$6.read(ProcessorImpl.java:1012)
    at org.orbeon.oxf.processor.ProcessorImpl$ProcessorOutputImpl$ConcreteProcessorFilter$ForwarderProcessorOutput.read(ProcessorImpl.java:966)
    at org.orbeon.oxf.processor.ProcessorImpl.readInputAsSAX(ProcessorImpl.java:348)
    at org.orbeon.oxf.processor.validation.MSVValidationProcessor.access$700(MSVValidationProcessor.java:44)
    at org.orbeon.oxf.processor.validation.MSVValidationProcessor$5.readImpl(MSVValidationProcessor.java:219)
    at org.orbeon.oxf.processor.ProcessorImpl$6.read(ProcessorImpl.java:1012)
    at org.orbeon.oxf.processor.ProcessorImpl$ProcessorOutputImpl.read(ProcessorImpl.java:1195)
    at org.orbeon.oxf.processor.ProcessorImpl$ProcessorOutputImpl$ConcreteProcessorFilter.read(ProcessorImpl.java:990)
    at org.orbeon.oxf.processor.ProcessorImpl$ProcessorOutputImpl.read(ProcessorImpl.java:1195)
    at org.orbeon.oxf.processor.ProcessorImpl.readInputAsSAX(ProcessorImpl.java:348)
    at org.orbeon.oxf.processor.serializer.legacy.XMLSerializer.readInput(XMLSerializer.java:58)
    at org.orbeon.oxf.processor.serializer.HttpTextSerializer.readInput(HttpTextSerializer.java:54)
    at org.orbeon.oxf.processor.serializer.HttpSerializerBase$1.read(HttpSerializerBase.java:147)
    at org.orbeon.oxf.processor.ProcessorImpl.readCacheInputAsObject(ProcessorImpl.java:470)
    at org.orbeon.oxf.processor.serializer.HttpSerializerBase.start(HttpSerializerBase.java:138)
    at org.orbeon.oxf.processor.pipeline.PipelineProcessor$11.run(PipelineProcessor.java:652)
    at org.orbeon.oxf.processor.ProcessorImpl.executeChildren(ProcessorImpl.java:536)
    at org.orbeon.oxf.processor.pipeline.PipelineProcessor.start(PipelineProcessor.java:649)
    at org.orbeon.oxf.pipeline.InitUtils.runProcessor(InitUtils.java:86)
    at org.orbeon.oxf.webapp.ProcessorService.service(ProcessorService.java:95)
    at org.orbeon.oxf.servlet.OPSServletDelegate.service(OPSServletDelegate.java:147)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.orbeon.oxf.servlet.OPSServlet.service(OPSServlet.java:75)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at com.orchestral.servlet.filter.NoCacheFilter.doFilter(NoCacheFilter.java:4)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
    at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
    at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:534)

Adrian
Adrian,
The fix is committed. The only difference with your solution is to filter the ampersand before the opening bracket, not after ;-)

-Erik

Adrian Baker wrote:
> A fix for this one is fairly small:
>
> In the ORBEON.xforms.Server.executeNextRequest function in xforms.js
> there's already logic to escape < characters:
>
>     if (typeof event.value == "string")
>         event.value = event.value.replace(XFORMS_REGEXP_OPEN_ANGLE, "&lt;");
>
> This can be extended to escape ampersands also:
>
>     if (typeof event.value == "string") {
>         event.value = event.value.replace(XFORMS_REGEXP_OPEN_ANGLE, "&lt;");
>         event.value = event.value.replace(XFORMS_REGEXP_AMPERSAND, "&amp;");
>     }
>
> Where XFORMS_REGEXP_AMPERSAND is a global similar to
> XFORMS_REGEXP_OPEN_ANGLE:
>
>     var XFORMS_REGEXP_AMPERSAND = new RegExp("&", "g");
>
> Adrian
>
> Erik Bruchez wrote:
>> Adrian,
>>
>> Ouch! I reproduced this and entered a bug:
>>
>> http://forge.objectweb.org/tracker/index.php?func=detail&aid=306171&group_id=168&atid=350207
>>
>> -Erik
>>
>> Adrian Baker wrote:
>>
>>> If I enter the ampersand (&) character into a text field it causes an
>>> error. Looks like it's not being escaped correctly somewhere along the
>>> chain. Here's the stack trace:
>>>
>>> org.orbeon.oxf.common.ValidationException:
>>> file:/C:/dev/Venice.orbeon/Common/CommonService/build/main/catalina-base/temp/upload_31688f_10dbe0a84f6__7ff4_00000109.tmp,
>>> line 6, column 110: Fatal error: The entity name must immediately follow
>>> the '&' in the entity reference.
>>> file:/C:/dev/Venice.orbeon/Common/CommonService/build/main/catalina-base/temp/upload_31688f_10dbe0a84f6__7ff4_00000109.tmp,
>>> line 6, column 110: Fatal error: The entity name must immediately follow
>>> the '&' in the entity reference.

--
Orbeon - XForms Everywhere:
http://www.orbeon.com/blog/
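The ordering point in Erik's reply, shown as an added JavaScript example that is not part of the thread or of Orbeon's xforms.js. The helper names, the simplified well-formedness check and the sample field values are constructed for illustration; the two replace orders mirror the proposed patch and the committed fix.

```javascript
// Added example, not Orbeon's xforms.js. Names and sample strings are constructed.
const AMPERSAND = /&/g;
const OPEN_ANGLE = /</g;
const ENTITIES = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };

// Order of the committed fix: ampersand first, then the opening angle bracket.
function escapeAmpFirst(value) {
  return value.replace(AMPERSAND, "&amp;").replace(OPEN_ANGLE, "&lt;");
}

// Order of the proposed patch: '<' first, so the '&' of every new "&lt;" is escaped again.
function escapeAngleFirst(value) {
  return value.replace(OPEN_ANGLE, "&lt;").replace(AMPERSAND, "&amp;");
}

// Stand-in for the server's XML parser: resolve predefined entities in a single pass.
function xmlUnescape(text) {
  return text.replace(/&(amp|lt|gt|quot|apos);/g, (match, name) => ENTITIES[name]);
}

// Text content is well-formed only if it has no raw '<' and every '&' starts a reference.
function isWellFormedText(text) {
  const strayAmpersand = /&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9a-fA-F]+);)/;
  return !text.includes("<") && !strayAmpersand.test(text);
}

// For one field value, report what each encoding sends and what the server would read back.
function compare(value) {
  const check = (encoded) => ({
    encoded,
    wellFormed: isWellFormedText(encoded),
    roundTrips: xmlUnescape(encoded) === value,
  });
  return {
    raw: check(value),
    angleFirst: check(escapeAngleFirst(value)),
    ampFirst: check(escapeAmpFirst(value)),
  };
}

// Constructed field values: the reported case, mixed input, and text that already looks escaped.
const SAMPLES = ["AT&T", "a < b && c", "typed literally: &lt;"];
for (const sample of SAMPLES) {
  console.log(JSON.stringify(sample), compare(sample));
}
```

The third sample covers the case where no parse error occurs: sent raw, `&lt;` is well-formed XML text but reaches the server as `<`, so the value is silently changed rather than rejected.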