[
http://issues.apache.org/jira/browse/SOAP-159?page=comments#action_12421139 ]
Jeremy Kleier commented on SOAP-159:
------------------------------------
I have a related issue with this piece of code:
case '\r' : strBuf.append("
");
break;
I don't believe escaping the carriage return is the proper thing to do here.
Carriage returns *are* valid XML chars, and all that we should be doing in this
piece of code is cleaning the message to be valid XML.
Jeremy Kleier
[EMAIL PROTECTED]
> Axis mis-encodes Strings w/ invalid characters for SOAP transport
> -----------------------------------------------------------------
>
> Key: SOAP-159
> URL: http://issues.apache.org/jira/browse/SOAP-159
> Project: SOAP
> Issue Type: Bug
> Components: All
> Affects Versions: 2.2
> Environment: Operating System: Windows XP
> Platform: PC
> Reporter: Ryan Choi
> Assigned To: Matthew J. Duftler
>
> Axis doesnât seem to be properly XML-encoding string values in SOAP
> requests/responses. More specifically, org.apache.axis.utils.XmlUtils isn't
> stripping out invalid characters before sending them across the wire. An
> example of such an invalid string is:
> 2002âN2Å'Ž1âú³Ž®Å'_â"ñâ¢ÂªâæâèÃ...¬Æ'â°Æ'CÆ'ZÆ'âÆ'Xââðâ¢ÃXâ¢â½âµâÃââ¢
> In this case, there is a definite null character, which is not legal XML,
> being
> sent over the wire. An Axis client receiving this response chokes in parsing
> the XML.
> It looks like the problem may be in org.apache.axis.utils.XmlUtils. The
> xmlEncodeString() method only encodes the string if either '&', '"', '\'',
> '<'
> or '>' are found. If none are found, it just returns the original string
> (even
> if it has OTHER invalid characters) and writes it as-is.
> I've included the XmlUtils.xmlEncodeString() method below, as well as a
> suggested fix for it.
> I'm using the following:
> Implementation-Title: Apache Axis
> Implementation-Version: 1.1 1021 June 13 2003
> Implementation-Vendor: Apache Web Services
> Java: JDK 1.4.1_02
> OS: Windows XML Professional Version 2002 SP1
> CPU: Intel Xeon 3.06GHz, 1.00 GB RAM
> Any help/suggestions/recommendations would be helpful. Thanks!
> Ryan Choi
> [EMAIL PROTECTED]
> ----------------------------------------------
> Original from XmlUtils:
> public static String xmlEncodeString(String orig)
> {
> if (orig == null)
> {
> return "";
> }
> char[] chars = orig.toCharArray();
> // if the string doesn't have any of the magic characters, leave
> // it alone.
> boolean needsEncoding = false;
> search:
> for(int i = 0; i < chars.length; i++) {
> switch(chars[i]) {
> case '&': case '"': case '\'': case '<': case '>':
> needsEncoding = true;
> break search;
> }
> }
> if (!needsEncoding) return orig;
> StringBuffer strBuf = new StringBuffer();
> for (int i = 0; i < chars.length; i++)
> {
> switch (chars[i])
> {
> case '&' : strBuf.append("&");
> break;
> case '\"' : strBuf.append(""");
> break;
> case '\'' : strBuf.append("'");
> break;
> case '<' : strBuf.append("<");
> break;
> case '\r' : strBuf.append("
");
> break;
> case '>' : strBuf.append(">");
> break;
> default :
> if (((int)chars[i]) > 127) {
> strBuf.append("&#");
> strBuf.append((int)chars[i]);
> strBuf.append(";");
> } else {
> strBuf.append(chars[i]);
> }
> }
> }
> return strBuf.toString();
> }
> Suggested fix for XmlUtils:
> public static String xmlEncodeString(String orig)
> {
> if (orig == null)
> {
> return "";
> }
> char[] chars = orig.toCharArray();
> StringBuffer strBuf = new StringBuffer();
> for (int i = 0; i < chars.length; i++)
> {
> switch (chars[i])
> {
> case '&' : strBuf.append("&");
> break;
> case '\"' : strBuf.append(""");
> break;
> case '\'' : strBuf.append("'");
> break;
> case '<' : strBuf.append("<");
> break;
> case '\r' : strBuf.append("
");
> break;
> case '>' : strBuf.append(">");
> break;
> case '\n' : // Line Feed is OK
> case '\r' : // Carriage Return is OK
> case '\t' : // Tab is OK
> // These characters are specifically OK, as exceptions to
> // the general rule below:
> strBuf.append(chars[i]);
> break;
> default :
> if (((c >= 0x20) && (c <= 0xD7FF)) ||
> ((c >= 0xE000) && (c <= 0xFFFD))) {
> strBuf.append(chars[i]);
> }
> // For chars outside these ranges (such as control
> chars),
> // do nothing; it's not legal XML to print these chars,
> // even escaped
> }
> }
> return strBuf.toString();
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
