On Jul 3, 2010, at 4:21 PM, sdumitriu (SVN) wrote:
> Author: sdumitriu
> Date: 2010-07-03 16:21:17 +0200 (Sat, 03 Jul 2010)
> New Revision: 29955
>
> Modified:
>
> platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java
> Log:
> [misc] Improved URL escaping method
>
> Modified:
> platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java
> ===================================================================
> ---
> platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java
> 2010-07-03 12:50:27 UTC (rev 29954)
> +++
> platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java
> 2010-07-03 14:21:17 UTC (rev 29955)
> @@ -20,6 +20,8 @@
>
> package com.xpn.xwiki.plugin.skinx;
>
> +import java.io.UnsupportedEncodingException;
> +import java.net.URLEncoder;
> import java.util.Collections;
> import java.util.HashMap;
> import java.util.LinkedHashSet;
> @@ -27,7 +29,6 @@
> import java.util.Set;
> import java.util.Map.Entry;
>
> -import org.apache.commons.lang.StringUtils;
> import org.apache.commons.logging.Log;
> import org.apache.commons.logging.LogFactory;
>
> @@ -307,10 +308,11 @@
> protected String sanitize(String value)
> {
> String result = value;
> - result = StringUtils.replace(result, "\"", "%22");
> - result = StringUtils.replace(result, "'", "%27");
> - result = StringUtils.replace(result, "<", "%3C");
> - result = StringUtils.replace(result, ">", "%3E");
> + try {
> + result = URLEncoder.encode(value, "UTF-8");
> + } catch (UnsupportedEncodingException ex) {
> + // Should never happen.
> + }
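
Review bot: The catch block in sanitize() (the "// Should never happen." line) leaves result equal to the raw value, so if the exception is ever thrown the method returns its input unescaped and fails open. Every Java platform is required to support UTF-8, so the branch should be unreachable, but it is safer to log through the commons-logging Log this file already imports and then return an empty string or rethrow as an unchecked exception, rather than fall through silently. Separately, URLEncoder.encode applies form encoding: spaces become "+" and characters such as "/", "&" and "=" are now encoded as well, where the removed lines only replaced the double quote, the single quote, "<" and ">". Confirm that callers pass a single URL component and not a whole URL or query string.
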
What if it happens (if the exception is there it means it can happen)?
Shouldn't you at least log an error or warning that says the result is left as
is without being encoded?
Thanks
-Vincent
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs