diff --git a/dotCMS/src/main/java/com/dotmarketing/util/UtilMethods.java b/dotCMS/src/main/java/com/dotmarketing/util/UtilMethods.java
index 683fce97c0cc..bea0da111438 100644
--- a/dotCMS/src/main/java/com/dotmarketing/util/UtilMethods.java
+++ b/dotCMS/src/main/java/com/dotmarketing/util/UtilMethods.java
@@ -1520,7 +1520,8 @@ public static String espaceForVelocity(String text) {
 public static String escapeHTMLCodeFromJSON(String json) {
 json = json.replace(":",":")
- .replace(",",",");
+ .replace(",",",")
+ .replace("$","$");
 return json;
 }
diff --git a/dotCMS/src/test/java/com/dotmarketing/util/UtilMethodsTest.java b/dotCMS/src/test/java/com/dotmarketing/util/UtilMethodsTest.java
index 718997a76716..f4dfdab4b643 100644
--- a/dotCMS/src/test/java/com/dotmarketing/util/UtilMethodsTest.java
+++ b/dotCMS/src/test/java/com/dotmarketing/util/UtilMethodsTest.java
@@ -694,4 +694,22 @@ public void test_base64Decode_invalidBase64String() {
 final String invalidBase64 = "This is not a valid base64 string!";
 UtilMethods.base64Decode(invalidBase64);
 }
+
+ /**
+ * Method to test: {@link UtilMethods#escapeHTMLCodeFromJSON(String)}
+ * Given Scenario: A contentlet JSON value (e.g. a Story Block field) where {@code $}, {@code :} and
+ * {@code ,} have been stored as their decimal HTML numeric entities.
+ * Expected Result: The entities are decoded back to the literal characters so consumers such as the
+ * Block Editor display {@code $50} instead of {@code $50} (issue #35782).
+ */
+ @Test
+ public void test_escapeHTMLCodeFromJSON_decodes_dollar_colon_and_comma() {
+ final String encoded = "{\"text\":\"The application fee is $50, see http://x.com\"}";
+ final String decoded = UtilMethods.escapeHTMLCodeFromJSON(encoded);
+
+ assertEquals("{\"text\":\"The application fee is $50, see http://x.com\"}", decoded);
+ assertFalse(decoded.contains("$"));
+ assertFalse(decoded.contains(":"));
+ assertFalse(decoded.contains(","));
+ }
 }
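Review bot: In `UtilMethods.escapeHTMLCodeFromJSON` (first hunk), the added third `.replace(...)` turns the stored numeric entity for `$` back into a literal dollar sign for every caller, and nothing on the method says where that output may safely go. `$` begins a Velocity reference, and the neighbouring `espaceForVelocity` in the hunk header suggests this class sits close to template rendering, so if any caller's result is later merged or evaluated as a template, user-authored text could be interpreted instead of displayed; whether that happens depends on call sites not visible in this diff. Please confirm the callers and record the constraint on the method, for example `/** Decodes the numeric entities for ':', ',' and '$' in a JSON string; the result contains literal '$' and must not be evaluated as a Velocity template. */`.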
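Review bot: `test_escapeHTMLCodeFromJSON_decodes_dollar_colon_and_comma` pins only the three characters that are decoded and never asserts that any other entity passes through unchanged. Because the decoded value ends up in display code such as the Block Editor, a negative case would catch the replace list being widened to markup-significant characters later, e.g. `assertEquals("&lt;b&gt;", UtilMethods.escapeHTMLCodeFromJSON("&lt;b&gt;"));` (constructed sample). A `null` input case would also document whether the method is expected to throw, since the implementation dereferences `json` directly.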