incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bdelacre...@apache.org
Subject svn commit: r723372 - in /incubator/sling/trunk/engine/src: main/java/org/apache/sling/engine/ResponseUtil.java main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java test/java/org/apache/sling/engine/ResponseUtilTest.java
Date Thu, 04 Dec 2008 16:37:38 GMT
Author: bdelacretaz
Date: Thu Dec  4 08:37:37 2008
New Revision: 723372

URL: http://svn.apache.org/viewvc?rev=723372&view=rev
Log:
SLING-760 - escape XML characters in response.sendError() messages

Added:
    incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java 
 (with props)
    incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
  (with props)
Modified:
    incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java

Added: incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java?rev=723372&view=auto
==============================================================================
--- incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java (added)
+++ incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java Thu
Dec  4 08:37:37 2008
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.engine;
+
+/** Response-related utilities */
+public class ResponseUtil {
+    
+    /** Escape xml text */
+    public static String escapeXml(String input) {
+        if(input == null) {
+            return null;
+        }
+        
+        final StringBuffer b = new StringBuffer(input.length());
+        for(int i = 0;i  < input.length(); i++) {
+            final char c = input.charAt(i);
+            if(c == '&') {
+                b.append("&amp;");
+            } else if(c == '<') {
+                b.append("&lt;");
+            } else if(c == '>') {
+                b.append("&gt;");
+            } else {
+                b.append(c);
+            }
+        }
+        return b.toString();
+    }
+}

Propchange: incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/ResponseUtil.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Modified: incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java?rev=723372&r1=723371&r2=723372&view=diff
==============================================================================
--- incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java
(original)
+++ incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java
Thu Dec  4 08:37:37 2008
@@ -35,6 +35,7 @@
 import javax.servlet.http.HttpServletResponseWrapper;
 
 import org.apache.sling.api.SlingHttpServletResponse;
+import org.apache.sling.engine.ResponseUtil;
 import org.apache.sling.engine.impl.request.RequestData;
 import org.apache.sling.engine.servlets.ErrorHandler;
 
@@ -235,7 +236,7 @@
 
         this.status = status;
         ErrorHandler eh = getRequestData().getSlingMainServlet().getErrorHandler();
-        eh.handleError(status, message, requestData.getSlingRequest(), this);
+        eh.handleError(status, ResponseUtil.escapeXml(message), requestData.getSlingRequest(),
this);
     }
 
     @Override

Added: incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java?rev=723372&view=auto
==============================================================================
--- incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
(added)
+++ incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
Thu Dec  4 08:37:37 2008
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.engine;
+
+import junit.framework.TestCase;
+
+public class ResponseUtilTest extends TestCase {
+    public void testNullInput() {
+        assertNull(ResponseUtil.escapeXml(null));
+    }
+    
+    public void testNoEscapes() {
+        assertEquals("foo and bar", ResponseUtil.escapeXml("foo and bar"));
+    }
+    
+    public void testEscapes() {
+        assertEquals("&lt;bonnie&gt; &amp; &lt;/clyde&gt; &amp;&amp;
others", 
+                ResponseUtil.escapeXml("<bonnie> & </clyde> && others"));
+    }
+}

Propchange: incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/sling/trunk/engine/src/test/java/org/apache/sling/engine/ResponseUtilTest.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL



Mime
View raw message