This content has been marked as final. Show 7 replies
After upgrade to 4.2.2 (via patch, downloaded from My Oracle Support) bug the same.
Database 18.104.22.168.0 64bit
can you please provide a testcase where this problem occurs and and install it on apex.oracle.com? Even if the error does not reproduce on our hosted instance, maybe we can find the cause by having a look at your app.
Yes, I've created testcase:
app: TESTAPP, user/pass TEST/TESTTEST
On apex.oracle.com it works, but on my db I see in first link in IR ("Петров", RN 327):
the bug appeares after migration from apex 4.0.2/4.1.1. to apex 4.2.1/4.2.2. Upgrade was made by reinstalling apex.
Hi Heavyside,1 person found this helpful
APEX 4.2 introduced escaping of non-ascii characters if the database character set is not UTF-8, to circumvent a certain class of XSS attacks. You can not reproduce the behaviour on apex.oracle.com, because it is set up with AL32UTF8. The switch to control this escaping is in the application security preferences (look for "HTML Escaping Mode"). Apparently, the extended escaping mode triggered a sleeping over-escaping bug in report links. I filed bug #16743663 for this issue.
Thank you for reporting this! We will work on a fix in the next patchset.
And one more thing before question will be answered.
There is no section Browser Security on Edit Security Attributes page in my installation of apex 4.2.2. Maybe it is the result of upgrade?
And in 4.2.1 it is and your advice help me.
I think that's because your application runs in an old compatibility mode. Can you temporarily set the compatibility mode in the application attributes to 4.2? You should be able to see the html escaping attribute then, in the security tab.
Oh, yes, of course. Now it works. I think I'd better upgrade to 4.2 mode, rather then using other compatibilities modes.