From 8716f61690ca1161fd3ab81666f35938633258e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EC=96=91=EB=B4=89=EC=88=98=5BPaaS=5D?= Date: Wed, 20 May 2020 16:34:38 +0900 Subject: [PATCH 1/2] '-' and '_' may be treated in plain letters. --- .../java/org/owasp/html/HtmlEntities.java | 1 + .../java/org/owasp/html/HtmlEntitiesTest.java | 23 +++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 src/test/java/org/owasp/html/HtmlEntitiesTest.java diff --git a/src/main/java/org/owasp/html/HtmlEntities.java b/src/main/java/org/owasp/html/HtmlEntities.java index 08423268..6c1e6636 100644 --- a/src/main/java/org/owasp/html/HtmlEntities.java +++ b/src/main/java/org/owasp/html/HtmlEntities.java @@ -2232,6 +2232,7 @@ public static int appendDecodedEntity( case 'y': case 'z': case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': + case '-': case '_': break; case '=': // An equal sign after an entity missing a closing semicolon should diff --git a/src/test/java/org/owasp/html/HtmlEntitiesTest.java b/src/test/java/org/owasp/html/HtmlEntitiesTest.java new file mode 100644 index 00000000..47ad8ebe --- /dev/null +++ b/src/test/java/org/owasp/html/HtmlEntitiesTest.java @@ -0,0 +1,23 @@ +package org.owasp.html; + +import static org.junit.Assert.*; + +import org.junit.Test; + +public class HtmlEntitiesTest { + + @Test + public void decodeTest() { + String input = "order"; + String output = Encoding.decodeHtml(input); + assertEquals("order", output); + + input = "order"; + output = Encoding.decodeHtml(input); + assertEquals("order", output); + + input = "order"; + output = Encoding.decodeHtml(input); + assertEquals("order", output); + } +} \ No newline at end of file From 5ed4cbccbb47ec21928f4a0e3fa2df7be36ebb99 Mon Sep 17 00:00:00 2001 
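Review bot: The added `case '-': case '_':` in appendDecodedEntity has no comment explaining why two characters that cannot occur in an HTML named character reference are grouped with the letters and digits. Browsers end a reference name at the first non-alphanumeric character, so this branch appears to make the sanitizer's decoder treat a semicolon-less name followed by `-` or `_` differently from a browser. A sanitizer should record that kind of parser divergence as a deliberate choice. I would add above the new line something like `// Not legal in entity names; grouped with alphanumerics on purpose so "&name_x" / "&name-x" stays literal text.`, with the wording confirmed against the intended behaviour. The switch and the rest of appendDecodedEntity lie outside the hunk, so the effect on the attribute path under `case '=':` cannot be checked from here.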
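Review bot: decodeTest only exercises text-context decoding through Encoding.decodeHtml, so it does not pin the boundary that the HtmlEntities change moves. As rendered on this page its three cases also show the same input and expected value, although the literals may have been altered by extraction. I would add cases for a terminated reference directly followed by the new characters, for example `assertEquals("<-", Encoding.decodeHtml("&lt;-"));` and `assertEquals("&_", Encoding.decodeHtml("&amp;_"));` (constructed examples). One more case should cover the semicolon-less form, asserting whichever result is intended. The new file also ends without a trailing newline.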
From: =?UTF-8?q?=EC=96=91=EB=B4=89=EC=88=98=5BPaaS=5D?= Date: Wed, 20 May 2020 17:13:16 +0900 Subject: [PATCH 2/2] change test code --- src/test/java/org/owasp/html/HtmlEntitiesTest.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/test/java/org/owasp/html/HtmlEntitiesTest.java b/src/test/java/org/owasp/html/HtmlEntitiesTest.java index 47ad8ebe..347cd05f 100644 --- a/src/test/java/org/owasp/html/HtmlEntitiesTest.java +++ b/src/test/java/org/owasp/html/HtmlEntitiesTest.java @@ -1,13 +1,14 @@ package org.owasp.html; -import static org.junit.Assert.*; - import org.junit.Test; -public class HtmlEntitiesTest { +import junit.framework.TestCase; + +@SuppressWarnings("javadoc") +public class HtmlEntitiesTest extends TestCase { @Test - public void decodeTest() { + public void testAfterAmpString() { String input = "order"; String output = Encoding.decodeHtml(input); assertEquals("order", output);
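Review bot: After this change HtmlEntitiesTest extends `junit.framework.TestCase` but keeps `import org.junit.Test;` and the `@Test` annotation on testAfterAmpString, which mixes JUnit 3 and JUnit 4 styles. A TestCase subclass is discovered by the `test` method-name prefix and the annotation is not consulted, so it is misleading to a reader and a later rename that drops the prefix would silently stop the test from running. I would remove the `import org.junit.Test;` line and the `@Test` line, or keep the class a plain JUnit 4 test with `import static org.junit.Assert.assertEquals;`. The method body continues past the end of the hunk.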