commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rahul Akolkar (JIRA)" <j...@apache.org>
Subject [jira] Updated: (SCXML-76) Serialization of expressions may produce invalid XML
Date Thu, 17 Jul 2008 17:03:31 GMT

     [ https://issues.apache.org/jira/browse/SCXML-76?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rahul Akolkar updated SCXML-76:
-------------------------------

    Fix Version/s: 0.9

Yup, thanks, makes sense, I'm marking fix version to next release (v0.9).

I'm traveling and won't be able to get to this for atleast another week. Since you have identified
the changes, would you like to provide a patch as well? Here's more on that:

  http://commons.apache.org/patches.html

You are right that we don't want any more dependencies (especially required ones) so we'll
want to copy over the guts of the escapeXML method from [lang] (or write an equivalent). The
best place for this would be as a utility method in the org.apache.commons.scxml.SCXMLHelper
class that can be used by the SCXMLSerializer (and other places as needed).



> Serialization of expressions may produce invalid XML
> ----------------------------------------------------
>
>                 Key: SCXML-76
>                 URL: https://issues.apache.org/jira/browse/SCXML-76
>             Project: Commons SCXML
>          Issue Type: Bug
>    Affects Versions: 0.8
>            Reporter: Ingmar Kliche
>             Fix For: 0.9
>
>
> The SCXMLSerializer does not escape expression strings. With an EcmaScript evaluator
the following may occur:
> original document:
> <transition event="foo" cond="i &lt; 3" target="bar">
> the serialized document will be:
> <transition event="foo" cond="i < 3" target="bar">
> which is ill-formed XML. The serializer would need to escape the condition string. This
applies to all places where expressions may occur.
> Apache commons-lang has a StringEscapeUtil.escapeXML(String data) function which would
solve the problem (I don't know if it would help for all cases). 
> http://svn.apache.org/viewvc/commons/proper/lang/trunk/src/java/org/apache/commons/lang/StringEscapeUtils.java?view=markup
> But using this would add another dependency to commons-scxml.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message