+1 to the concept -0 to the implementation
Wouldn't it be clearer to call it dumpToEncodedString() or somesuch and avoid the boolean arg? --Glen > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 15, 2003 6:31 PM > To: [EMAIL PROTECTED] > Subject: cvs commit: xml-axis/java/src/org/apache/axis AxisFault.java > > > stevel 2003/01/15 15:30:40 > > Modified: java/src/org/apache/axis AxisFault.java > Log: > bug 16147; extend dumpString() to allow for the option to > escape all fault strings. This is an option as we dont want > it during debugging, just html display. > > Revision Changes Path > 1.67 +30 -6 > xml-axis/java/src/org/apache/axis/AxisFault.java > > Index: AxisFault.java > =================================================================== > RCS file: > /home/cvs/xml-axis/java/src/org/apache/axis/AxisFault.java,v > retrieving revision 1.66 > retrieving revision 1.67 > diff -u -r1.66 -r1.67 > --- AxisFault.java 14 Jan 2003 06:40:53 -0000 1.66 > +++ AxisFault.java 15 Jan 2003 23:30:40 -0000 1.67 > @@ -315,7 +315,18 @@ > * turn the fault and details into a string > * @return stringified fault details > */ > - public String dumpToString() > + public String dumpToString() { > + return dumpToString(true); > + } > + > + /** > + * turn the fault and details into a string, with or > without XML escaping. > + * subclassers: for security (cross-site-scripting) reasons, > + * escape everything that could contain caller-supplied data. > + * @param escapeText flag to control whether to XML > escape everything > + * @return stringified fault details > + */ > + public String dumpToString(boolean escapeText) > { > String details = new String(); > > @@ -336,7 +347,7 @@ > + XMLUtils.getInnerXMLString(e); > } > } > - > + > String subCodes = new String(); > if (faultSubCode != null) { > for (int i = 0; i < faultSubCode.size(); i++) { > @@ -345,13 +356,26 @@ > > } > } > + String code=faultCode.toString(); > + String errorString=faultString; > + String actor=faultActor; > + String node=faultNode; > + > + if (escapeText) { > + //encode everything except details and > subcodes, which are already > + //dealt with one way or another. > + code= XMLUtils.xmlEncodeString(code); > + errorString = XMLUtils.xmlEncodeString(errorString); > + actor= XMLUtils.xmlEncodeString(actor); > + node = XMLUtils.xmlEncodeString(node); > + } > > return "AxisFault" + JavaUtils.LS > - + " faultCode: " + faultCode + JavaUtils.LS > + + " faultCode: " + code + JavaUtils.LS > + " faultSubcode: " + subCodes + JavaUtils.LS > - + " faultString: " + faultString + JavaUtils.LS > - + " faultActor: " + faultActor + JavaUtils.LS > - + " faultNode: " + faultNode + JavaUtils.LS > + + " faultString: " + errorString + JavaUtils.LS > + + " faultActor: " + actor + JavaUtils.LS > + + " faultNode: " + node + JavaUtils.LS > + " faultDetail: " + details + JavaUtils.LS > ; > } > > > >
