-
Bug
-
Resolution: Done
-
Major
-
7.2.2.GA
Fix required for Mojarra Issue 4388 / Scripts with CDATA cause "empty response" error on Ajax render
Ref: https://github.com/javaserverfaces/mojarra/issues/4388
–
The RenderKitImpl (com.sun.jsf-impl) class is returning a wrong configured ResponseWriter on partial responses. It is breaking the xhtml when it contains a javascript with CDATA; the final xhtml has a bad closed nested CDATAs.
The JSF 2.2.15 RenderKitImpl: https://github.com/javaserverfaces/mojarra/blob/2.2.15/jsf-ri/src/main/java/com/sun/faces/renderkit/RenderKitImpl.java
The JSF 2.3.5 RenderKitImpl: https://github.com/javaserverfaces/mojarra/blob/2.3.5/jsf-ri/src/main/java/com/sun/faces/renderkit/RenderKitImpl.java
The issue was introduced with the following commits:
https://github.com/javaserverfaces/mojarra/commit/8a5a562e129a31f3655de86cfeb79c33d3eaa1f8
https://github.com/javaserverfaces/mojarra/commit/ee3671db95986395e3a40a591c52522421b25bf2
The issue is fixed on JSF 2.3.9 reverting those above commits.
https://github.com/javaserverfaces/mojarra/issues/4358#issuecomment-440093385
Apply:
https://github.com/javaserverfaces/mojarra/commit/cebcd9bd41f562ec02450d55bf0c3e2b1b287607
https://github.com/javaserverfaces/mojarra/commit/954773aa256b68e744ae9178013faccfb05ca204
- clones
-
WFLY-12336 Mojarra 4596 - Scripts with CDATA cause "empty response" error on Ajax render
- Closed
- is incorporated by
-
JBEAP-17045 [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002
- Closed
- is related to
-
JBEAP-17157 [GSS](7.2.z) Mojarra Issue 3042 / Partial rendering: insufficient CDATA encoding (XSS)
- Closed
- links to