Actually, I don't think everything should be escaped all the time, really I don't. :)
I think there should be dumpToString() and dumpToSafeString(), i.e. two different methods for two different bits of functionality, rather than an overload with a flag. When not in an HTML/browser context (i.e. when debugging on the console, for instance) it isn't much use to escape the string, IMHO.

--Glen

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, February 01, 2003 4:03 PM
> To: [EMAIL PROTECTED]
> Subject: cvs commit: xml-axis/java/src/org/apache/axis/transport/http AxisServlet.java
>
> stevel 2003/02/01 13:03:01
>
> Modified: java/src/org/apache/axis AxisFault.java
>           java/src/org/apache/axis/transport/http AxisServlet.java
> Log:
> changing how we escape xml in dump to string, as per Glen's -0:
>
> -there is only one dumpToString() method; everything gets escaped
> -so AxisServlet reverts to calling the single method.
>
> Revision Changes Path
> 1.70 +8 -23 xml-axis/java/src/org/apache/axis/AxisFault.java
>
> Index: AxisFault.java > =================================================================== > RCS file: > /home/cvs/xml-axis/java/src/org/apache/axis/AxisFault.java,v > retrieving revision 1.69 > retrieving revision 1.70 > diff -u -r1.69 -r1.70 > --- AxisFault.java 25 Jan 2003 19:28:01 -0000 1.69 > +++ AxisFault.java 1 Feb 2003 21:03:01 -0000 1.70 
> @@ -303,22 +303,14 @@ > log.debug(dumpToString()); > } > > - /** > - * turn the fault and details into a string > - * @return stringified fault details > - */ > - public String dumpToString() { > - return dumpToString(true); > - } > > /** > - * turn the fault and details into a string, with or > without XML escaping. > + * turn the fault and details into a string, with XML escaping. > * subclassers: for security (cross-site-scripting) reasons, > * escape everything that could contain caller-supplied data. > - * @param escapeText flag to control whether to XML > escape everything > * @return stringified fault details > */ > - public String dumpToString(boolean escapeText) > + public String dumpToString() > { > String details = new String(); 
> > @@ -345,22 +337,15 @@ > for (int i = 0; i < faultSubCode.size(); i++) { > subCodes += JavaUtils.LS > + (QName)faultSubCode.elementAt(i); > - > } > } > - String code=faultCode.toString(); > - String errorString=faultString; > - String actor=faultActor; > - String node=faultNode; > + //encode everything except details and subcodes, > which are already > + //dealt with one way or another. > + String code= > XMLUtils.xmlEncodeString(faultCode.toString()); > + String errorString= XMLUtils.xmlEncodeString(faultString); > + String actor= XMLUtils.xmlEncodeString(faultActor); > + String node= XMLUtils.xmlEncodeString(faultNode); > > - if (escapeText) { > - //encode everything except details and > subcodes, which are already > - //dealt with one way or another. > - code= XMLUtils.xmlEncodeString(code); > - errorString = XMLUtils.xmlEncodeString(errorString); > - actor= XMLUtils.xmlEncodeString(actor); > - node = XMLUtils.xmlEncodeString(node); > - } > > return "AxisFault" + JavaUtils.LS > + " faultCode: " + code + JavaUtils.LS > > > > 1.158 +1 -1 > xml-axis/java/src/org/apache/axis/transport/http/AxisServlet.java > > Index: AxisServlet.java > =================================================================== > RCS file: > /home/cvs/xml-axis/java/src/org/apache/axis/transport/http/Axi > sServlet.java,v > retrieving revision 1.157 > retrieving revision 1.158 > diff -u -r1.157 -r1.158 > --- AxisServlet.java 25 Jan 2003 19:28:01 -0000 1.157 > +++ AxisServlet.java 1 Feb 2003 21:03:01 -0000 1.158 > @@ -419,7 +419,7 @@ > private void writeFault(PrintWriter writer, AxisFault > axisFault) { > String localizedMessage = > XMLUtils.xmlEncodeString(axisFault.getLocalizedMessage()); > writer.println("<pre>Fault - " + localizedMessage > + "<br>"); > - writer.println(axisFault.dumpToString(true)); > + writer.println(axisFault.dumpToString()); > writer.println("</pre>"); > } > > > > >
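
Review bot: Removing the public dumpToString(boolean escapeText) overload in the @@ -303 hunk of AxisFault.java is a source and binary break for any caller or subclass that used it, and the Javadoc in this same hunk explicitly addresses subclassers. Consider keeping it for a release as a deprecated method that ignores the flag and delegates to dumpToString(). The context line log.debug(dumpToString()); also logs entity-escaped text, and after this change there is no unescaped variant to switch it to, so the Javadoc should state that the returned string is XML-escaped and not the raw fault text.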
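
Review bot: In the @@ -345 hunk of AxisFault.java the new comment says details and subcodes are "already dealt with one way or another", but the only subcode handling visible here is subCodes += JavaUtils.LS + (QName)faultSubCode.elementAt(i); with no encoding call. Since this method is now the single escaped path, the comment should name where those two fields are encoded, or they should go through XMLUtils.xmlEncodeString here as the other four fields do. The four new assignments also use inconsistent spacing around "=" (code= versus errorString= ), which is worth normalising while the lines are being touched.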
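
Review bot: At the writeFault call site in AxisServlet.java (@@ -419), nothing in writer.println(axisFault.dumpToString()); shows that the value is safe to write inside the <pre> block. The line above it encodes localizedMessage explicitly, while this one relies on every AxisFault subclass following the Javadoc request to escape. A short comment here stating that dumpToString() returns XML-escaped text, or a method name that carries that contract, would keep a later override or refactor from silently putting unescaped output on this page.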
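
The two-method split suggested in the reply at the top of this message, sketched as an added example that is not Axis code and not part of the original thread: FaultDump and xmlEncode are hypothetical stand-ins for AxisFault and XMLUtils.xmlEncodeString, and the fault text is a constructed sample.

```java
import java.util.function.UnaryOperator;

// Added illustration, not Axis source. FaultDump and xmlEncode are hypothetical
// stand-ins for AxisFault and XMLUtils.xmlEncodeString.
public class FaultDump {
    private static final String LS = System.lineSeparator();
    private final String faultCode;
    private final String faultString;

    FaultDump(String faultCode, String faultString) {
        this.faultCode = faultCode;
        this.faultString = faultString;
    }

    /** Single-pass XML/HTML text escaping; '&' is replaced in the same pass as the rest. */
    static String xmlEncode(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // One formatting routine; the encoder is chosen by the public method, not by a caller flag.
    private String dump(UnaryOperator<String> enc) {
        return "Fault" + LS
             + " faultCode: " + enc.apply(faultCode) + LS
             + " faultString: " + enc.apply(faultString) + LS;
    }

    /** Raw text, for console and log sinks only. */
    public String dumpToString() { return dump(UnaryOperator.identity()); }

    /** Escaped text, for HTML/XML sinks such as a servlet error page. */
    public String dumpToSafeString() { return dump(FaultDump::xmlEncode); }

    public static void main(String[] args) {
        // Constructed caller-supplied fault text containing markup characters.
        FaultDump f = new FaultDump("Server.userException", "no operation <b>getQuote</b> & friends");
        System.out.print(f.dumpToString());                            // console sink: readable, unescaped
        System.out.println("<pre>" + f.dumpToSafeString() + "</pre>"); // HTML sink: markup neutralised
    }
}
```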