commons-user mailing list archives

From robert burrell donkin <>
Subject Re: [betwixt] XMLUtils must not escape '&' from bodyValue
Date Wed, 26 Jan 2005 20:43:36 GMT
On 25 Jan 2005, at 11:03, Christian Aust wrote:

> Hi,
> it is true that XMLUtils should escape '<' and '>' from bodyValues 
> since those values are likely to break the wellformedness of the 
> generated XML.
> However, if a value contains the string "&copy; Apache" it must not 
> double-escape that ampersand here. Easy workaround was to comment out 
> lines 281-285 from, maybe this fix could be incorporated 
> into next releases?

commenting out the lines that ensure that the xml is well formed 
doesn't sound like a fix to me and so is unlikely to be incorporated 
into the codebase...

> p.s.: In fact, the escaper should check if the string following the 
> ampersand is an allowed entity.

knowing (from just a bean) which entities should be allowed in output 
is a difficult task. it's more natural for a list of allowed entities to be 
provided as part of the betwixt configuration. 
MixedContentEncodingStrategy allows the encoding of body content to 
well formed xml to be customized. a custom strategy taking a list of 
entities which should not be escaped would be easy to create (though 
care may need to be taken with regards to performance).

i'd be happy to add such an implementation to the codebase (if one were 
contributed to apache).

> On the other hand, I feel that betwixt shouldn't do any value escaping 
> at all - this should be the application's responsibility. Just my 
> $.02...

betwixt is focussed on beans. betwixt aims to allow applications to 
keep their beans as POJOs by separating out xml specifics. if betwixt 
didn't provide mechanisms which allow applications to set strategies 
for xml mapping (including escaping) then extra methods would need to 
be added to the beans. that's why betwixt provides escaping.

- robert
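
The escaping rule discussed in this message (escape body text, but pass through a configured list of entities) can be sketched as below. This is an added example, not part of the original message or the Betwixt codebase; the class `AllowListEscaper` and its methods are hypothetical, and wiring the logic into a `MixedContentEncodingStrategy` subclass is left out.

```java
import java.util.Set;

/** Hypothetical helper: escapes XML body text, keeping allow-listed entity references. */
public class AllowListEscaper {
    // Entity names without '&' and ';', e.g. "copy". Assumed to come from configuration.
    private final Set<String> allowed;

    public AllowListEscaper(Set<String> allowedEntityNames) {
        this.allowed = Set.copyOf(allowedEntityNames);
    }

    public String escape(String body) {
        StringBuilder out = new StringBuilder(body.length() + 16);
        for (int i = 0; i < body.length(); i++) {
            char c = body.charAt(i);
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&':
                    int end = referenceEnd(body, i);
                    if (end > 0) {              // allow-listed reference: copy verbatim
                        out.append(body, i, end + 1);
                        i = end;
                    } else {                    // any other ampersand is data: escape it
                        out.append("&amp;");
                    }
                    break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Index of the ';' that closes an allow-listed reference starting at amp, or -1. */
    private int referenceEnd(String s, int amp) {
        // Work per '&' is bounded by the allow-list, not by the length of the body.
        for (String name : allowed) {
            int semi = amp + 1 + name.length();
            if (s.startsWith(name, amp + 1) && s.startsWith(";", semi)) return semi;
        }
        return -1;
    }

    public static void main(String[] args) {
        AllowListEscaper e = new AllowListEscaper(Set.of("copy"));
        // Constructed sample inputs: one allow-listed reference, one body with none.
        System.out.println(e.escape("&copy; Apache"));
        System.out.println(e.escape("a < b && c; &evil; x"));
    }
}
```

Any allow-listed entity other than the five predefined XML ones (`&copy;` included) must be declared in the output document's DTD, otherwise the result is still not well formed.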
