Github user markap14 commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2929#discussion_r210061986
--- Diff:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ReplaceText.java
---
@@ -701,6 +709,27 @@ private static String wrapLiterals(String
possibleLiteral) {
return replacementFinal;
}
+ /**
+ * Escapes Expression Language like text from content Strings.
+ * <p>
+ * Since we do regular expression replacement on the content and then
do Expression Language
+ * evaluations afterwards, it is possible that if there are Expression
Language like text
+ * in the content that they will be evaluated when they should not be.
+ * </p>
+ * <p>
+ * This function is called to escape any such construct by prefixing a
second $ to the ${...} text.
+ * </p>
+ *
+ * @param content the content that may contain Expression Language
like text
+ * @return A {@code String} with any Expression Language text escaped
with a $.
+ */
+ private static String escapeExpressionsInContent(String content) {
+ if (!content.contains("${")) {
+ return content;
+ }
+ return content.replaceAll("(\\$\\{.*\\})","\\$$1");
--- End diff --
I don't believe this is going to properly escape the Expression Language.
If you encounter something simple like `${greeting}`it will work ok. But if it
encounters `$${greeting}`, this will change that into `$$${greeting}` which
will be interpreted as an escaped dollar-sign followed by the expression
`${greeting}`.
The question here is - why are we evaluating Expression Language against
the content of the FlowFile? I don't think we should be doing that at all..
---
