[ https://issues.apache.org/jira/browse/SCXML-76?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ingmar Kliche updated SCXML-76:
-------------------------------

    Description: 
The SCXMLSerializer does not escape expression strings. With an EcmaScript 
evaluator the following may occur:

original document:
<transition event="foo" cond="i &lt; 3" target="bar">

the serialized document will be:
<transition event="foo" cond="i < 3" target="bar">

which is ill-formed XML. The serializer would need to escape the condition 
string. This applies to all places where expressions may occur.

Apache commons-lang has a StringEscapeUtil.escapeXML(String data) function 
which would solve the problem (I don't know if it would help for all cases). 

http://svn.apache.org/viewvc/commons/proper/lang/trunk/src/java/org/apache/commons/lang/StringEscapeUtils.java?view=markup

But using this would add another dependency to commons-scxml.

  was:
The SCXMLSerializer does not escape expression strings. With an EcmaScript 
evaluator the following may occur:

original document:
<transition event="foo" cond="i &lt; 3" target="bar">

the serialized document will be:
<transition event="foo" cond="i < 3" target="bar">

which is ill-formed XML. The serializer would need to escape the condition 
string. This applies to all places where expressions may occur.

Apache commons-lang has a StringEscapeUtil.escapeXML(String data) function 
which would solve the problem (I don't know if it would help for all cases). 
But using this would add another dependency to commons-scxml.




Added link to StringEscapeUtil implementation.

> Serialization of expressions may produce invalid XML
> ----------------------------------------------------
>
>                 Key: SCXML-76
>                 URL: https://issues.apache.org/jira/browse/SCXML-76
>             Project: Commons SCXML
>          Issue Type: Bug
>    Affects Versions: 0.8
>            Reporter: Ingmar Kliche
>
> The SCXMLSerializer does not escape expression strings. With an EcmaScript 
> evaluator the following may occur:
> original document:
> <transition event="foo" cond="i &lt; 3" target="bar">
> the serialized document will be:
> <transition event="foo" cond="i < 3" target="bar">
> which is ill-formed XML. The serializer would need to escape the condition 
> string. This applies to all places where expressions may occur.
> Apache commons-lang has a StringEscapeUtil.escapeXML(String data) function 
> which would solve the problem (I don't know if it would help for all cases). 
> http://svn.apache.org/viewvc/commons/proper/lang/trunk/src/java/org/apache/commons/lang/StringEscapeUtils.java?view=markup
> But using this would add another dependency to commons-scxml.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
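
The escaping problem described in this issue, as an added Java example (not code from commons-scxml, commons-lang or the reporter). The class `AttrEscapeDemo`, the helpers `escapeAttr` and `parseCond`, and the sample expression are hypothetical; the example serializes a `cond` value with and without escaping and checks the result with the JDK's own XML parser.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class AttrEscapeDemo {
    // Hypothetical helper, not a commons-scxml or commons-lang method:
    // escapes a string for a double-quoted XML attribute value.
    static String escapeAttr(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                // A parser normalizes literal tab/LF/CR in an attribute to a
                // space; character references keep them across a round trip.
                case '\t': sb.append("&#9;");   break;
                case '\n': sb.append("&#10;");  break;
                case '\r': sb.append("&#13;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Returns the parsed cond attribute, or null if the input is ill-formed.
    static String parseCond(String xml) throws Exception {
        DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        db.setErrorHandler(new DefaultHandler()); // keep fatal errors off stderr
        try {
            return db.parse(new InputSource(new StringReader(xml))).getDocumentElement().getAttribute("cond");
        } catch (SAXException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        String cond = "i < 3 &&\n\tname != \"x\""; // constructed sample expression
        String raw = "<transition event=\"foo\" cond=\"" + cond + "\" target=\"bar\"/>";
        String esc = "<transition event=\"foo\" cond=\"" + escapeAttr(cond) + "\" target=\"bar\"/>";
        System.out.println("unescaped output parses: " + (parseCond(raw) != null));
        System.out.println("escaped output round-trips: " + cond.equals(parseCond(esc)));
    }
}
```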
