I’ve just updated from 1.10.2 to 1.11.3 using an existing utf-8 database that contained patients with name and other values in greek.
Now, when a search is performed in some places in the legacy UI, the greek characters are displayed correctly while in other places (such as the person’s name and address) they are displayed with symbols such as σαβ etc
In the previous version of openmrs there no such issue.
Could you paste some screenshots of pages where things are displayed incorrectly and some screenshots that are displayed fine? I need some pointers on where to look.
@charis, if you share screenshots and are working with real patient data, please make sure to use fake patients for the screenshots or to blur any identifying information. Identifiable patient informations (names, identifiers, addresses, specific dates, etc.) should be treated as confidential information and never be emailed or loaded into a website.
by replacing ${…} with <c:out value="${...}" />. C:out escapes xml characters, but for some reason it breaks the encoding of UTF-8 characters too. I tried setting <%@page pageEncoding="UTF-8" %>, but with no effect.
After looking at the source code for spring bind, it already does the escaping by default because of our defaultHtmlEscape=true in web.xml. So removing the c:out looks harmless. I confirmed this by having a name with <script>alert("Yo")</script> which did not execute this JavaScript. Therefore, i have removed all c:out that are within spring:bind for nameLayout.jsp as per this commit:
On a side note, all this would not have happened if spring:bind's BindStatus.java used the overload of HtmlUtils.htmlEscape(String, String) that takes a second parameter of the character set (in this case UTF-8)
used by the page context.
@dkayiwa, so the issue was that both spring:bind and c:out escaped HTML (double escaped as @lluismf suggested). I don’t quite follow your second paragraph about the htmlEscape method.
We must backport the fix to 1.12.x and 1.11.x. Have you created an issue in JIRA, because I can’t find any reference to it? It feels like a serious bug for implementations so we should prioritize doing a quick maintenance release of 1.11.x with the fix.
do you have any idea when the fix will be applied ? Of course, I don’t expect an exact answer but a rough estimation based on how the developer team works… Is it a matter of weeks or months ?