geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ga...@apache.org
Subject svn commit: r1387332 - /geronimo/external/trunk/tomcat-parent-7.0.27/jasper/src/main/java/org/apache/jasper/runtime/PageContextImpl.java
Date Tue, 18 Sep 2012 19:38:07 GMT
Author: gawor
Date: Tue Sep 18 19:38:07 2012
New Revision: 1387332

URL: http://svn.apache.org/viewvc?rev=1387332&view=rev
Log:
Apply optimization for XmlEscape function: https://issues.apache.org/bugzilla/show_bug.cgi?id=53867

Modified:
    geronimo/external/trunk/tomcat-parent-7.0.27/jasper/src/main/java/org/apache/jasper/runtime/PageContextImpl.java

Modified: geronimo/external/trunk/tomcat-parent-7.0.27/jasper/src/main/java/org/apache/jasper/runtime/PageContextImpl.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-7.0.27/jasper/src/main/java/org/apache/jasper/runtime/PageContextImpl.java?rev=1387332&r1=1387331&r2=1387332&view=diff
==============================================================================
--- geronimo/external/trunk/tomcat-parent-7.0.27/jasper/src/main/java/org/apache/jasper/runtime/PageContextImpl.java
(original)
+++ geronimo/external/trunk/tomcat-parent-7.0.27/jasper/src/main/java/org/apache/jasper/runtime/PageContextImpl.java
Tue Sep 18 19:38:07 2012
@@ -913,26 +913,65 @@ public class PageContextImpl extends Pag
     }
 
     private static String XmlEscape(String s) {
-        if (s == null)
+        if (s == null) {
             return null;
-        StringBuilder sb = new StringBuilder();
-        for (int i = 0; i < s.length(); i++) {
+        }
+        int len = s.length();
+
+        /*
+         * Look for any "bad" characters, Escape "bad" character was found
+         */
+        // ASCII " 34 & 38 ' 39 < 60 > 62
+        for (int i = 0; i < len; i++) {
             char c = s.charAt(i);
-            if (c == '<') {
-                sb.append("&lt;");
-            } else if (c == '>') {
-                sb.append("&gt;");
-            } else if (c == '\'') {
-                sb.append("&#039;"); // &apos;
-            } else if (c == '&') {
-                sb.append("&amp;");
-            } else if (c == '"') {
-                sb.append("&#034;"); // &quot;
-            } else {
-                sb.append(c);
+            if (c >= '\"' && c <= '>' && (c == '<' || c == '>'
|| c == '\'' || c == '&' || c == '"')) {
+                // need to escape them and then quote the whole string
+                StringBuilder sb = new StringBuilder((int) (len * 1.2));
+                sb.append(s, 0, i);
+                int pos = i + 1;
+                for (int j = i; j < len; j++) {
+                    c = s.charAt(j);
+                    if (c >= '\"' && c <= '>') {
+                        if (c == '<') {
+                            if (j > pos) {
+                                sb.append(s, pos, j);
+                            }
+                            sb.append("&lt;");
+                            pos = j + 1;
+                        } else if (c == '>') {
+                            if (j > pos) {
+                                sb.append(s, pos, j);
+                            }
+                            sb.append("&gt;");
+                            pos = j + 1;
+                        } else if (c == '\'') {
+                            if (j > pos) {
+                                sb.append(s, pos, j);
+                            }
+                            sb.append("&#039;"); // &apos;
+                            pos = j + 1;
+                        } else if (c == '&') {
+                            if (j > pos) {
+                                sb.append(s, pos, j);
+                            }
+                            sb.append("&amp;");
+                            pos = j + 1;
+                        } else if (c == '"') {
+                            if (j > pos) {
+                                sb.append(s, pos, j);
+                            }
+                            sb.append("&#034;"); // &quot;
+                            pos = j + 1;
+                        }
+                    }
+                }
+                if (pos < len) {
+                    sb.append(s, pos, len);
+                }
+                return sb.toString();
             }
         }
-        return sb.toString();
+        return s;
     }
 
     /**



Mime
View raw message