smolnar82 commented on code in PR #834:
URL: https://github.com/apache/knox/pull/834#discussion_r1457218446
##########
gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorHandler.java:
##########
@@ -635,6 +635,15 @@ private static Map<String, File> generateTopology(final
SimpleDescriptor desc,
return result;
}
+ /*
+ * First, undoes any previous manual XML escape.
+ * Second applies XML-escape on the result of the first step.
+ */
+ private static String getXmlEscapedValue(String value) {
+ final String unescapedValue = StringEscapeUtils.unescapeXml(value);
+ return StringEscapeUtils.escapeXml10(unescapedValue);
Review Comment:
Yes, there is. According to the JavaDoc of `.escpaXml11`:
```
The returned string can be inserted into a valid XML 1.1 document. Do not
use it for XML 1.0 documents.
```
We do generate XML 1.0 documents
[here](https://github.com/apache/knox/blob/master/gateway-topology-simple/src/main/java/org/apache/knox/gateway/topology/simple/SimpleDescriptorHandler.java#L453),
therefore we need to use the `.escapeXml10` API.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
