Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ComponentUtils.getHrefURL: lack of encoding #3409

Closed
cnsgithub opened this issue Mar 5, 2018 · 4 comments
Closed

ComponentUtils.getHrefURL: lack of encoding #3409

cnsgithub opened this issue Mar 5, 2018 · 4 comments
Labels
enhancement Additional functionality to current component
Milestone
7.0

Comments

@cnsgithub
Copy link
Contributor

cnsgithub commented Mar 5, 2018
edited

As already mentioned in this commit comment parameter keys are not encoded. This may lead to HTTP parameter pollution.

Fragments are also not encoded. See comment below
cnsgithub added a commit to cnsgithub/primefaces that referenced this issue Mar 5, 2018
@cnsgithub
primefaces#3409 - encode parameter keys as well
20e9d2f
@cnsgithub
Copy link
Contributor Author

PR: #3410

@cnsgithub
Copy link
Contributor Author

@jasonex7 Your method seems to assume that the baseUrl already is correctly encoded in all parts: paths, parameters, fragment. Is that correct? Then we should make it a convention in javadoc or maybe annotate the baseUrl parameter with @Encoded (borrow from javax.ws.rs?) to avoid double encoding. What do you think?

tandraschko added a commit that referenced this issue Mar 15, 2018
@tandraschko
Merge pull request #3410 from cnsgithub/fixes-3409-urlencoding
e3b5e3f 
#3409 - encode parameter keys as well
@tandraschko tandraschko added the enhancement Additional functionality to current component label Mar 15, 2018
@tandraschko tandraschko added this to the 6.3 milestone Mar 15, 2018
@jasonex7
Copy link
Contributor

@cnsgithub I encode only the values of OutcomeTarget.getParams() because the original request had only EL in value attribute, but it's good that param key was also encoded. Thanks for the observation and commit.

@cnsgithub
Copy link
Contributor Author

@jasonex7 Ok. However, as getHrefURL is located in ComponentUtils, you have to expect it to be used in other locations as well in future.

@jasonex7 jasonex7 mentioned this issue Jun 11, 2018
Merged
Rapster added a commit to Rapster/primefaces that referenced this issue Jul 8, 2023
@Rapster
Fix primefaces#3409 - Datatable: ColumnGroup refactoring
cd04ab6
Rapster added a commit to Rapster/primefaces that referenced this issue Jul 8, 2023
@Rapster
Fix primefaces#3409 - Datatable: ColumnGroup refactoring
5015a37
Rapster added a commit to Rapster/primefaces that referenced this issue Oct 15, 2023
@Rapster
Fix primefaces#3409 - Datatable: ColumnGroup refactoring
93bd098
Rapster added a commit to Rapster/primefaces that referenced this issue Oct 15, 2023
@Rapster
Fix primefaces#3409 - Datatable: ColumnGroup refactoring
5b5255b
Rapster added a commit to Rapster/primefaces that referenced this issue May 26, 2024
@Rapster
Fix primefaces#3409 - Datatable: ColumnGroup refactoring
e3b8e2c
Rapster added a commit to Rapster/primefaces that referenced this issue May 26, 2024
@Rapster
Fix primefaces#3409 - Datatable: ColumnGroup refactoring
2435989
Rapster added a commit to Rapster/primefaces that referenced this issue Jun 8, 2024
@Rapster
Fix primefaces#3409 - Datatable: ColumnGroup refactoring
11d68d5
Rapster added a commit to Rapster/primefaces that referenced this issue Jun 8, 2024
@Rapster
Fix primefaces#3409 - Datatable: ColumnGroup refactoring
3d09a9e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Additional functionality to current component
Projects
None yet
Milestone
7.0
Development

No branches or pull requests
3 participants
@tandraschko @cnsgithub @jasonex7