search

slocumbf / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
0 stars 0 forks source link

CSSCodec in 1.4 encodes hex digits invalidily #77

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. checkout 1.4 previous to revision 910
2. encode 'a' via the CSSCodec

What is the expected output? What do you see instead?
'a' should either be left unencoded or be encoded '\61 '.

Please use labels and text to provide additional information.

Hexadecimal digits, as well as \r\n\f, are specifically excluded from the
slash self escape syntax in the CSS 2.1 spec (section 4.1.3). The slash
self syntax for hexadecimal digits conflicts with hexadecimal character
code escapes. As such '\a' (assuming the next char is not hex) will be
interpreted as a \n which is not the expected behavior

Original issue reported on code.google.com by schal...@darkmist.net on 14 Dec 2009 at 1:58

GoogleCodeExporter commented 9 years ago 
fixed in revision 910

Original comment by schal...@darkmist.net on 14 Dec 2009 at 2:35