[
https://issues.apache.org/jira/browse/SCXML-76?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rahul Akolkar updated SCXML-76:
-------------------------------
Fix Version/s: 0.9
Yup, thanks, makes sense, I'm marking fix version to next release (v0.9).
I'm traveling and won't be able to get to this for atleast another week. Since
you have identified the changes, would you like to provide a patch as well?
Here's more on that:
http://commons.apache.org/patches.html
You are right that we don't want any more dependencies (especially required
ones) so we'll want to copy over the guts of the escapeXML method from [lang]
(or write an equivalent). The best place for this would be as a utility method
in the org.apache.commons.scxml.SCXMLHelper class that can be used by the
SCXMLSerializer (and other places as needed).
> Serialization of expressions may produce invalid XML
> ----------------------------------------------------
>
> Key: SCXML-76
> URL: https://issues.apache.org/jira/browse/SCXML-76
> Project: Commons SCXML
> Issue Type: Bug
> Affects Versions: 0.8
> Reporter: Ingmar Kliche
> Fix For: 0.9
>
>
> The SCXMLSerializer does not escape expression strings. With an EcmaScript
> evaluator the following may occur:
> original document:
> <transition event="foo" cond="i < 3" target="bar">
> the serialized document will be:
> <transition event="foo" cond="i < 3" target="bar">
> which is ill-formed XML. The serializer would need to escape the condition
> string. This applies to all places where expressions may occur.
> Apache commons-lang has a StringEscapeUtil.escapeXML(String data) function
> which would solve the problem (I don't know if it would help for all cases).
> http://svn.apache.org/viewvc/commons/proper/lang/trunk/src/java/org/apache/commons/lang/StringEscapeUtils.java?view=markup
> But using this would add another dependency to commons-scxml.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
