eclipse-ee4j/mojarra

Follow up to XML update parsing error because of the 0x0C (Form Feed) control character

Closed this issue · 4 comments

j-be commented

As #4145 was closed, and as requested there, I open a new bug report, as the issue is still reproducible with WildFly 26.0.0.Final.

I'm not going to reiterate the full bug (see #4145 for that). I will however show how to reproduce it.

  • Deploy the war contained in mojarra4145.zip to WildFly 26.0.0.Final
  • Open a browser on http://localhost:8080/mojarra4145/
    • Hint: Open your browser's developer tools now
  • Switch to tab "Invalid Char Demo"
  • Add an invalid entry using the "Add invalid entry" button
    • Look at the browser's developer tools - you should already see some error regarding invalid XML
    • Notice how no entry appears in the list
  • Open a second browser window, open http://localhost:8080/mojarra4145/, and go to tab "Invalid Char Demo"
    • Notice how the tab is completely empty
  • Switch back to "Dummy" tab and click "Remove invalid entry"
  • Everything is back to normal now in both browser windows

The source code to this reproducer can be found at https://github.com/j-be/mojarra-4145.

The reproducer contains PrimeFaces. This is not unambiguous. I'll have to change the reproducer myself in order to prepare a proper integration test. In future Mojarra-targeted issue reports, it would be very welcome if the reproducer does not contain any third party libraries.

j-be commented

@BalusC I see, I used it mostly because of the tabs feature. If you'd like I can try to rewrite it only using JSF features and report back after I succeeded.

I just thought it would be a good idea to immediately raise this again before it gets forgotten - I still consider this as being a potential DoS.

EDIT: Fix typos.

I've boiled down an unambiguous reproducer which indeed reproduced the problem in Mojarra 2.3.17.

View:

<!DOCTYPE html>
<html
    xmlns:f="http://xmlns.jcp.org/jsf/core"
    xmlns:h="http://xmlns.jcp.org/jsf/html"
>
    <h:head />
    <h:body>
        <h:form>
            <h:commandButton value="Submit" action="#{bean.submit}">
                <f:ajax render="output" />
            </h:commandButton>
            <h:outputText id="output" value="#{bean.output}" />
        </h:form>
    </h:body>
</html>

Model:

package com.example;

import javax.enterprise.context.RequestScoped;
import javax.inject.Named;

@Named
@RequestScoped
public class Bean {

    private String output;
    
    public void submit() {
        output = "Output\u000c";
    }
    
    public String getOutput() {
        return output;
    }
}

Expected behavior: "Output" is printed

Actual behavior: JavaScript alert shows up saying "emptyResponse: An empty response was received from the server. Check server error logs"

j-be commented

Skim reading through this, I'd say I can confirm it shows the same issue.
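The failure discussed in this thread, as an added example that is not part of the thread and is not Mojarra's code or its fix: a standard Java XML parser rejects a response body containing U+000C, and accepts it once characters outside the XML 1.0 `Char` production are dropped before writing. The class name, the helper names and the simplified `partial-response` envelope are assumptions made for the demonstration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class XmlCharFilterDemo {
    // XML 1.0 Char: #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
    static boolean isXml10Char(int cp) {
        return cp == 0x9 || cp == 0xA || cp == 0xD
            || (cp >= 0x20 && cp <= 0xD7FF)
            || (cp >= 0xE000 && cp <= 0xFFFD)
            || (cp >= 0x10000 && cp <= 0x10FFFF);
    }

    // Drop every code point (including unpaired surrogates) that an XML 1.0 parser rejects.
    static String stripInvalidXmlChars(String value) {
        StringBuilder out = new StringBuilder(value.length());
        value.codePoints().filter(XmlCharFilterDemo::isXml10Char)
             .forEach(out::appendCodePoint);
        return out.toString();
    }

    // Constructed envelope modelled on an ajax partial response; not captured Mojarra output.
    static String wrap(String text) {
        return "<?xml version=\"1.0\" encoding=\"UTF-8\"?><partial-response><changes>"
            + "<update id=\"output\"><![CDATA[" + text + "]]></update>"
            + "</changes></partial-response>";
    }

    // True when the document is well-formed; fatal parse errors surface as SAXException.
    static boolean parses(String xml) throws Exception {
        DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        builder.setErrorHandler(new DefaultHandler()); // keep the parser from logging to stderr
        try {
            builder.parse(new InputSource(new StringReader(xml)));
            return true;
        } catch (SAXException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String raw = "Output\f"; // same value as the reproducer: "Output" plus U+000C
        System.out.println("raw parses:      " + parses(wrap(raw)));
        System.out.println("filtered parses: " + parses(wrap(stripInvalidXmlChars(raw))));
    }
}
```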