elharo opened a new issue, #390: URL: https://github.com/apache/maven-shared-utils/issues/390
`XMLEncode.xmlEncodeTextAsPCDATA()` passes characters in the range U+0000-U+001F (excluding U+0009 TAB, U+000A LF, U+000D CR) through unencoded in the `default` branch of its switch statement. These characters are illegal in XML 1.0 and will cause XML parsers to reject the output.

The `default` case at line 112 just does `n.append(c)` — it should instead encode these characters as `&#xHH;` numeric character references. The explicitly handled cases (`&`, `<`, `>`, `"`, `'`, `\r`, `\n`) cover the legal control chars, but `\0`, `\1`-`\b`, `\v`, `\f`, `\u000E`-`\u001F` all slip through.

This affects both attribute values (via `PrettyPrintXMLWriter.addAttribute()`) and text content (via `PrettyPrintXMLWriter.writeText()`).

Fix: add a check in the `default` case to encode illegal XML control characters.
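A pre-serialization check for the control characters this issue describes, run against the JDK's own XML parser. This is an added example, not code from maven-shared-utils; the class name, method names and sample strings are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

// Added example; class and method names are hypothetical, not maven-shared-utils API.
public class XmlControlCharCheck {

    // Characters named in the issue: U+0000-U+001F except TAB, LF and CR.
    static boolean isIllegalControl(char c) {
        return c < 0x20 && c != '\t' && c != '\n' && c != '\r';
    }

    // Index of the first illegal control character in s, or -1 if none.
    static int firstIllegalControl(String s) {
        for (int i = 0; i < s.length(); i++) {
            if (isIllegalControl(s.charAt(i))) {
                return i;
            }
        }
        return -1;
    }

    // True if the JDK parser accepts xml as a well-formed XML 1.0 document.
    static boolean parses(String xml) {
        try {
            DocumentBuilder b = DocumentBuilderFactory.newInstance().newDocumentBuilder();
            b.setErrorHandler(new DefaultHandler()); // throw instead of logging to stderr
            b.parse(new InputSource(new StringReader(xml)));
            return true;
        } catch (Exception e) { // SAXParseException on ill-formed input
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        String clean = "col1\tcol2\nrow";   // only legal control characters
        String dirty = "build\u0001log";    // raw U+0001 in the text
        for (String text : new String[] {clean, dirty}) {
            System.out.printf("firstIllegalControl=%d parses=%b%n",
                firstIllegalControl(text), parses("<m>" + text + "</m>"));
        }
        // XML 1.0 applies the same Char rule to character references, so test that form too.
        System.out.println("char ref parses=" + parses("<m>build&#x1;log</m>"));
    }
}
```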
