On 07/03/2010 04:25 PM, Vincent Massol wrote:
>
> On Jul 3, 2010, at 4:21 PM, sdumitriu (SVN) wrote:
>
>> Author: sdumitriu
>> Date: 2010-07-03 16:21:17 +0200 (Sat, 03 Jul 2010)
>> New Revision: 29955
>>
>> Modified:
>>    
>> platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java
>> Log:
>> [misc] Improved URL escaping method
>>
>> Modified: 
>> platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java
>> ===================================================================
>> --- 
>> platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java
>>      2010-07-03 12:50:27 UTC (rev 29954)
>> +++ 
>> platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java
>>      2010-07-03 14:21:17 UTC (rev 29955)
>> @@ -20,6 +20,8 @@
>>
>> package com.xpn.xwiki.plugin.skinx;
>>
>> +import java.io.UnsupportedEncodingException;
>> +import java.net.URLEncoder;
>> import java.util.Collections;
>> import java.util.HashMap;
>> import java.util.LinkedHashSet;
>> @@ -27,7 +29,6 @@
>> import java.util.Set;
>> import java.util.Map.Entry;
>>
>> -import org.apache.commons.lang.StringUtils;
>> import org.apache.commons.logging.Log;
>> import org.apache.commons.logging.LogFactory;
>>
>> @@ -307,10 +308,11 @@
>>      protected String sanitize(String value)
>>      {
>>          String result = value;
>> -        result = StringUtils.replace(result, "\"", "%22");
>> -        result = StringUtils.replace(result, "'", "%27");
>> -        result = StringUtils.replace(result, "<", "%3C");
>> -        result = StringUtils.replace(result, ">", "%3E");
>> +        try {
>> +            result = URLEncoder.encode(value, "UTF-8");
>> +        } catch (UnsupportedEncodingException ex) {
>> +            // Should never happen.
>> +        }
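
Review bot: in the empty catch block of sanitize(), `result` still holds the raw `value`, so if that path were ever taken the method would return its input unescaped, and the caller could not tell. Rethrowing as an unchecked exception, for example `throw new RuntimeException(ex);`, keeps the "should never happen" assumption but fails closed rather than silently. Separately, URLEncoder.encode produces application/x-www-form-urlencoded output: a space becomes "+" and characters such as "/", "?", "&" and "=" are percent-encoded, whereas the removed lines replaced only four characters. It is worth confirming that every caller of sanitize() passes a single parameter value rather than a whole URL or path.
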
>
> What if it happens (if the exception is there it means it can happen)? 
> Shouldn't you at least log an error or warning that says the result is left 
> as is without being encoded?

You mean in case UTF-8 suddenly disappears from Java?

-- 
Sergiu Dumitriu
http://purl.org/net/sergiu/