JSF / primefaces handling of control character (form feed hex: 0x0c) in ajax requests?












I am curious about an edge case I have run across when using ajax requests in JSF / PrimeFaces.



I found that if I input a form feed character ("/f" in Java or 0x0C in hex) into a request that is handled via ajax, it causes the ajax request to fail because the XML generated is considered invalid. I would only expect this scenario to come up if a user is copying and pasting something from another document which happens to contain this character or, more likely, a QA person (or malicious user) inputs the character in an attempt to ruin my day.



Exact response I see in Chrome developer tools:



<partial-response id="j_id1">
<parsererror>
<h3>This page contains the following errors:</h3>
<div>
error on line 2 at column 68: Input is not proper UTF-8, indicate encoding !
Bytes: 0x0C 0x20 0x63 0x61
</div>
<h3>Below is a rendering of the page up to the first error.</h3>
</parsererror>
<changes>
<update id="j_idt5"/>
</changes>
</partial-response>


Sample Project to reproduce the error



There seems to be a limitation in XML that this character cannot be included in XML 1.0, so is there anything that JSF / PrimeFaces can do to avoid this scenario, or am I asking too much from the framework? If I cannot get JSF / PrimeFaces to handle this gracefully, how can I make it so that a proper error page is generated and the issue is logged somewhere other than the user's console?










primefaces escaping jsf-2.2






asked Jul 16 '18 at 16:08









booja234

  • Let me investigate this and get back to you. We have been doing a lot of proper escaping in PrimeFaces to handle characters; I wonder if this example is a case that fell through the cracks or is a real problem. I will report back.

    – Melloware
    Jul 16 '18 at 16:28











  • I have definitely confirmed your error on PF 6.2.

    – Melloware
    Jul 16 '18 at 16:52











  • Looks like it is a JSF/Mojarra bug. I updated my comment below.

    – Melloware
    Nov 21 '18 at 12:47



















1 Answer
I believe it to be a bug and reported it here: https://github.com/primefaces/primefaces/issues/3875



I will report back once the issue has been addressed.



Update: It turns out to be a Mojarra issue:
https://github.com/eclipse-ee4j/mojarra/issues/4516






        edited Nov 21 '18 at 12:46

























        answered Jul 16 '18 at 18:33









        Melloware
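
The failure in the question comes from the XML 1.0 `Char` production, which excludes 0x0C and most other C0 control characters. As an added example (not code from the post, PrimeFaces or Mojarra), this plain-Java class removes such code points from a submitted value and logs them server-side; the class name, `sanitize`, the field name and the sample string are assumptions, and the method could be called from a JSF converter or servlet filter before the value is rendered.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;

/** Added example: drops code points that XML 1.0 forbids before they reach a partial-response. */
public class Xml10InputSanitizer {

    private static final Logger LOG = Logger.getLogger(Xml10InputSanitizer.class.getName());

    /** XML 1.0 Char: #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]. */
    static boolean isXml10Char(int cp) {
        return cp == 0x9 || cp == 0xA || cp == 0xD
                || (cp >= 0x20 && cp <= 0xD7FF)
                || (cp >= 0xE000 && cp <= 0xFFFD)
                || (cp >= 0x10000 && cp <= 0x10FFFF);
    }

    /** Returns the input without forbidden code points and logs what was dropped. */
    static String sanitize(String fieldName, String input) {
        if (input == null) {
            return null;
        }
        StringBuilder clean = new StringBuilder(input.length());
        List<String> dropped = new ArrayList<>();
        for (int i = 0; i < input.length(); ) {
            // codePointAt returns a lone surrogate as-is, so it is rejected below.
            int cp = input.codePointAt(i);
            if (isXml10Char(cp)) {
                clean.appendCodePoint(cp);
            } else {
                dropped.add(String.format("U+%04X@%d", cp, i));
            }
            i += Character.charCount(cp);
        }
        if (!dropped.isEmpty()) {
            // Only formatted code points are logged, never the raw characters.
            LOG.warning("Removed XML 1.0-illegal characters from '" + fieldName + "': " + dropped);
        }
        return clean.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: pasted text with a form feed (0x0C) and a 0x01 control character.
        String submitted = "first page\f can\u0001 continue";
        System.out.println(sanitize("comment", submitted));
    }
}
```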
