elharo opened a new pull request, #391:
URL: https://github.com/apache/maven-shared-utils/pull/391

   `XMLEncode.xmlEncodeTextAsPCDATA()` passes characters in the range U+0000–U+001F (excluding TAB, LF, CR) through unencoded in the `default` branch of its switch statement. These characters are illegal in XML 1.0 and cause XML parsers to reject the output.

   Additionally, `needsEncoding()` only checked for `&` and `<`, so text containing only control characters was written directly without reaching the encoding method at all.

   **Fix:**
   - In `xmlEncodeTextAsPCDATA()`, the `default` case now encodes illegal control chars as `&#xHH;` numeric character references
   - In `needsEncoding()`, added a check for illegal control chars so they're routed through the encoding path

   Fixes https://github.com/apache/maven-shared-utils/issues/390


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
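
The behaviour described in the pull request, as an added Java example that is not the maven-shared-utils code: the class, its method bodies and the sample input are assumptions modelled on the description. It also feeds the result to the JDK parser, because XML 1.0 rejects character references to these code points as well as the raw characters, while XML 1.1 accepts the references for everything except U+0000.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;

// Added illustration; hypothetical class, not the project's XMLEncode.
public class PcdataControlCharDemo {
    // True for U+0000-U+001F other than TAB, LF and CR.
    static boolean isIllegalControl(char c) {
        return c < 0x20 && c != '\t' && c != '\n' && c != '\r';
    }

    // '&', '<' or an illegal control char routes the text through the encoder.
    static boolean needsEncoding(String text) {
        for (char c : text.toCharArray()) {
            if (c == '&' || c == '<' || isIllegalControl(c)) return true;
        }
        return false;
    }

    // Escapes markup characters and writes illegal control chars as &#xHH;.
    static String encodePcdata(String text) {
        if (!needsEncoding(text)) return text;
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (char c : text.toCharArray()) {
            if (c == '&') out.append("&amp;");
            else if (c == '<') out.append("&lt;");
            else if (isIllegalControl(c)) out.append(String.format("&#x%02X;", (int) c));
            else out.append(c);
        }
        return out.toString();
    }

    // Parses <v>body</v> under the given XML version; false if the parser rejects it.
    static boolean parses(String version, String body) {
        String doc = "<?xml version=\"" + version + "\"?><v>" + body + "</v>";
        try {
            DocumentBuilderFactory.newInstance().newDocumentBuilder()
                .parse(new ByteArrayInputStream(doc.getBytes(StandardCharsets.UTF_8)));
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String sample = "build" + (char) 0x01 + "log"; // constructed input, no '&' or '<'
        String encoded = encodePcdata(sample);
        System.out.println("encoded text:        " + encoded);
        System.out.println("raw, XML 1.0:        " + parses("1.0", sample));
        System.out.println("encoded, XML 1.0:    " + parses("1.0", encoded));
        System.out.println("encoded, XML 1.1:    " + parses("1.1", encoded));
    }
}
```

Running the same check against real output before publishing it shows whether consumers restricted to XML 1.0 will still reject the document.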
