Skip to content

Commit

Permalink
Merge pull request wso2#4952 from Kanapriya/fix_double_encoding
Browse files Browse the repository at this point in the history
Avoid the double encoding by unescape an HTML string to a actual string
  • Loading branch information
Kanapriya authored Oct 2, 2023
2 parents 5f7f11e + 07e0800 commit 5801cc0
Showing 1 changed file with 9 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
import org.apache.axis2.client.ServiceClient;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
Expand Down Expand Up @@ -454,14 +455,19 @@ public static String i18n(ResourceBundle resourceBundle, String key) {
*/
public static String i18nBase64(ResourceBundle resourceBundle, String key) {

String base64Key = Base64.encode(key.getBytes(StandardCharsets.UTF_8)).replaceAll(PADDING_CHAR, UNDERSCORE);
/*
If the key is encoded already, before encoding (avoid double encoding) it within this method,
Unescapes an HTML string to a string containing the actual Unicode characters corresponding to the escapes.
*/
String unescapedKey = StringEscapeUtils.unescapeHtml(key);
String base64Key = Base64.encode(unescapedKey.getBytes(StandardCharsets.UTF_8)).replaceAll(PADDING_CHAR, UNDERSCORE);
try {
return Encode.forHtml((StringUtils.isNotBlank(resourceBundle.getString(base64Key)) ?
resourceBundle.getString(base64Key) : key));
resourceBundle.getString(base64Key) : unescapedKey));
} catch (Exception e) {
// Intentionally catching Exception and if something goes wrong while finding the value for key, return
// default, not to break the UI
return Encode.forHtml(key);
return Encode.forHtml(unescapedKey);
}
}

Expand Down

0 comments on commit 5801cc0

Please sign in to comment.