[logback-user] bug - Log4j XMLLayout does not encode data

David Balažic Tue, 31 Aug 2010 04:20:04 -0700

Hi!

It seems the Log4j XMLLayout * does not properly XML encode data it puts into 
the output XML.
Example:
116     buf.append("\" thread=\"");
117     buf.append(event.getThreadName());
118     buf.append("\">\r\n");


The thread name can be any string, so it can include characters like <>"/'& 
etc...
That would break the XML.


* http://logback.qos.ch/xref/ch/qos/logback/classic/log4j/XMLLayout.html
same in the logback 0.9.24

David Balažic
Software Engineer

    ComTrade

    HERMES SoftLab
    a ComTrade company

    HERMES SoftLab d.o.o.
    Litijska 51, 1000 Ljubljana
    Slovenia

    phone: +386 81 60 8937
    fax: +386 1 586 52 70

[email protected] 
www.comtrade.com/si 
_______________________________________________
Logback-user mailing list
[email protected]
http://qos.ch/mailman/listinfo/logback-user

[logback-user] bug - Log4j XMLLayout does not encode data

Reply via email to