elharo opened a new pull request, #391: URL: https://github.com/apache/maven-shared-utils/pull/391
`XMLEncode.xmlEncodeTextAsPCDATA()` passes characters in the range U+0000–U+001F (excluding TAB, LF, CR) through unencoded in the `default` branch of its switch statement. These characters are illegal in XML 1.0 and cause XML parsers to reject the output. Additionally, `needsEncoding()` only checked for `&` and `<`, so text containing only control characters was written directly without reaching the encoding method at all. **Fix:** - In `xmlEncodeTextAsPCDATA()`, the `default` case now encodes illegal control chars as `&#xHH;` numeric character references - In `needsEncoding()`, added a check for illegal control chars so they're routed through the encoding path Fixes https://github.com/apache/maven-shared-utils/issues/390 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
