Using Domino V11 (bug also existed since at least 9.0.1 FP7)
The following method
in the plugin com.ibm.designer.lib.acf
has a logic bug which you can reproduce with the following 2 line test
String value = "color: rgb(50, 49, 48); font-family: "";
We have an XPages application in which we view emails that have been received from external.
We are using the ACFFilter to ensure that no malicious content is rendered
However we (very occasionally) receive a FacesExceptionEx when some particular content comes through.
When we debug we can trace this to a StringIndexOutOfBoundsException in the htmlDecode method mentioned above
It seems that it is doing a test like this:
i >= length || (value.charAt(i + 1) != ';'
but this test causes an out of bounds exception when i = 41 and the string length is 42