Closed davideicardi closed 1 month ago
Hey @davideicardi,
I tried to investigate this issue and following are my findings,
NoResourceFoundException
spring.url
will again convert it as unescaped one.I started looking into the code recently, I could be wrong with my analysis. Feel free to correct me and guide for the same.
Looking forward to contribute more with this project. Let me know if any further investigation is required.
Thank you @aakashthakare! Regarding the resource not found, it is a problem of the id pased in the wrong way? Or maybe some other server side problems?
Hello @davideicardi, thanks for the response. Yes, need to fix from server side. The URL consumer/my-second-consumer-group-<a>new</a>
failing to reach the controller, We need to HTML encode it in URL, while on the server side we need to HTML decode the consumer id.
What if you pass it as URL encoded? (not HTML encoded ...)
It will solve upto some extent, not completely.
For example, consumer group id is test-<a>it</a>
, if URL encoded will become test-%3Ca%3Eit%3C%2Fa%3E
, this we can do while returning the consumer group. However, it gets automatically decoded when clicked on consumer link consumer/test-%3Ca%3Eit%3C%2Fa%3E
, and we get A 404 error has occurred: No static resource consumer/test-<a>it</a>
.
One way is to do Bse64 encoding/decoding of the groupId, but need to see how we can decode it to display the readable consumer id. Check out this commit.
This issue is stale because it has been open for 30 days with no activity.
This issue is stale because it has been open for 30 days with no activity.
This issue was closed because it has been inactive for 14 days since being marked as stale.
I have received a bug report from "d.morozov" regarding how consumer group id is displayed inside the UI. It looks like it is not html escaped so potentially it can break the UI or we can have have security issues.
Verify if this is true and how we can fix it.