abdera-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jmsn...@apache.org
Subject svn commit: r588728 - /incubator/abdera/java/trunk/extensions/json/src/main/java/org/apache/abdera/ext/json/JSONUtil.java
Date Fri, 26 Oct 2007 18:05:05 GMT
Author: jmsnell
Date: Fri Oct 26 11:05:05 2007
New Revision: 588728

URL: http://svn.apache.org/viewvc?rev=588728&view=rev
Log:
defensively escape illegal characters within uri's in (x)html markup

Modified:
    incubator/abdera/java/trunk/extensions/json/src/main/java/org/apache/abdera/ext/json/JSONUtil.java

Modified: incubator/abdera/java/trunk/extensions/json/src/main/java/org/apache/abdera/ext/json/JSONUtil.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/extensions/json/src/main/java/org/apache/abdera/ext/json/JSONUtil.java?rev=588728&r1=588727&r2=588728&view=diff
==============================================================================
--- incubator/abdera/java/trunk/extensions/json/src/main/java/org/apache/abdera/ext/json/JSONUtil.java
(original)
+++ incubator/abdera/java/trunk/extensions/json/src/main/java/org/apache/abdera/ext/json/JSONUtil.java
Fri Oct 26 11:05:05 2007
@@ -28,6 +28,8 @@
 import org.apache.abdera.ext.html.HtmlHelper;
 import org.apache.abdera.ext.thread.InReplyTo;
 import org.apache.abdera.ext.thread.ThreadHelper;
+import org.apache.abdera.i18n.iri.Constants;
+import org.apache.abdera.i18n.iri.Escaping;
 import org.apache.abdera.i18n.iri.IRI;
 import org.apache.abdera.model.Base;
 import org.apache.abdera.model.Categories;
@@ -389,10 +391,12 @@
       if ("".equals(attr.getPrefix())  || 
           "xml".equals(attr.getPrefix())) {
         String val = child.getAttributeValue(attr);
-        if ("href".equalsIgnoreCase(name) || 
-            "src".equalsIgnoreCase(name) || 
-            "action".equalsIgnoreCase(name)) {
+        if (val != null && 
+            ("href".equalsIgnoreCase(name) || 
+             "src".equalsIgnoreCase(name) || 
+             "action".equalsIgnoreCase(name))) {
          IRI base = child.getResolvedBaseUri();
+         val = Escaping.encode(val.trim(),Constants.IUNRESERVED,Constants.RESERVED,Constants.IPRIVATE);
          if (base != null) val = base.resolve(val).toASCIIString();
         }
         jstream.writeQuoted(val);



Mime
View raw message