Author: bdelacretaz
Date: Thu Dec 4 08:37:37 2008
New Revision: 723372
URL: http://svn.apache.org/viewvc?rev=723372&view=rev
Log:
SLING-760 - escape XML characters in response.sendError() messages
Added:
incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java
(with props)
incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
(with props)
Modified:
incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java
Added:
incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java?rev=723372&view=auto
==============================================================================
---
incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java
(added)
+++
incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java
Thu Dec 4 08:37:37 2008
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.engine;
+
+/** Response-related utilities */
+public class ResponseUtil {
+
+ /** Escape xml text */
+ public static String escapeXml(String input) {
+ if(input == null) {
+ return null;
+ }
+
+ final StringBuffer b = new StringBuffer(input.length());
+ for(int i = 0;i < input.length(); i++) {
+ final char c = input.charAt(i);
+ if(c == '&') {
+ b.append("&");
+ } else if(c == '<') {
+ b.append("<");
+ } else if(c == '>') {
+ b.append(">");
+ } else {
+ b.append(c);
+ }
+ }
+ return b.toString();
+ }
+}
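Review bot: escapeXml handles only `&`, `<` and `>`, so its result is safe as element text but not inside a quoted attribute value, where `"` and `'` still terminate the attribute. Either add branches for the two quote characters, e.g. `} else if(c == '"') { b.append("&quot;");` and the same for `'` with `&#39;`, or state the limit in the Javadoc: `/** Escape &, < and > for use in XML/HTML text content; not sufficient for attribute values */`. As shown on this page the three appended literals look identical to the characters they replace, which is presumably the mail archive decoding the entities rather than what was committed. The buffer is method-local, so `StringBuilder` would serve where the project's Java level allows it.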
Propchange:
incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL
Modified:
incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java?rev=723372&r1=723371&r2=723372&view=diff
==============================================================================
---
incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java
(original)
+++
incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java
Thu Dec 4 08:37:37 2008
@@ -35,6 +35,7 @@
import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.sling.api.SlingHttpServletResponse;
+import org.apache.sling.engine.ResponseUtil;
import org.apache.sling.engine.impl.request.RequestData;
import org.apache.sling.engine.servlets.ErrorHandler;
@@ -235,7 +236,7 @@
this.status = status;
ErrorHandler eh =
getRequestData().getSlingMainServlet().getErrorHandler();
- eh.handleError(status, message, requestData.getSlingRequest(), this);
+ eh.handleError(status, ResponseUtil.escapeXml(message),
requestData.getSlingRequest(), this);
}
@Override
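Review bot: `message` is escaped at the `eh.handleError(...)` call rather than where a handler writes it to the response, so every ErrorHandler now receives pre-encoded text. A handler that escapes on output, emits plain text, or logs the message would then show double-encoded entities, and a handler that places the message in an attribute value is still exposed because escapeXml leaves quotes untouched. If escaping stays here, document the contract at the call, e.g. `// message is XML-escaped for text content; ErrorHandler implementations must not escape it again`. The enclosing method starts above this hunk, so whether other paths that carry a message to the error handler get the same treatment cannot be checked from here.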
Added:
incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java?rev=723372&view=auto
==============================================================================
---
incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
(added)
+++
incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
Thu Dec 4 08:37:37 2008
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.engine;
+
+import junit.framework.TestCase;
+
+public class ResponseUtilTest extends TestCase {
+ public void testNullInput() {
+ assertNull(ResponseUtil.escapeXml(null));
+ }
+
+ public void testNoEscapes() {
+ assertEquals("foo and bar", ResponseUtil.escapeXml("foo and bar"));
+ }
+
+ public void testEscapes() {
+ assertEquals("<bonnie> & </clyde> && others",
+ ResponseUtil.escapeXml("<bonnie> & </clyde> && others"));
+ }
+}
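Review bot: testEscapes pins only `&`, `<` and `>`; nothing fixes what escapeXml does with quotes, an empty string, or input that already contains an entity. Adding `assertEquals("", ResponseUtil.escapeXml(""));` and `assertEquals("&amp;amp;", ResponseUtil.escapeXml("&amp;"));` would record that the method is not idempotent, which matters to any caller that might escape twice. As rendered here the expected and actual strings in testEscapes are identical, presumably because the archive decoded the entities in the expected value.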
Propchange:
incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL