svn commit: r1087725 - /incubator/wookie/trunk/src/org/apache/wookie/helpers/WidgetHelper.java

Fri, 01 Apr 2011 07:50:55 -0700 

Author: scottbw
Date: Fri Apr  1 14:50:31 2011
New Revision: 1087725

URL: http://svn.apache.org/viewvc?rev=1087725&view=rev
Log:
Escape XML output for things like widget names to remove angle brackets etc.

Modified:
    incubator/wookie/trunk/src/org/apache/wookie/helpers/WidgetHelper.java

Modified: incubator/wookie/trunk/src/org/apache/wookie/helpers/WidgetHelper.java
URL: 
http://svn.apache.org/viewvc/incubator/wookie/trunk/src/org/apache/wookie/helpers/WidgetHelper.java?rev=1087725&r1=1087724&r2=1087725&view=diff
==============================================================================
--- incubator/wookie/trunk/src/org/apache/wookie/helpers/WidgetHelper.java 
(original)
+++ incubator/wookie/trunk/src/org/apache/wookie/helpers/WidgetHelper.java Fri 
Apr  1 14:50:31 2011
@@ -16,6 +16,7 @@ package org.apache.wookie.helpers;
 import java.net.MalformedURLException;
 import java.net.URL;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.wookie.beans.IDescription;
 import org.apache.wookie.beans.ILicense;
 import org.apache.wookie.beans.IName;
@@ -124,7 +125,7 @@ public class WidgetHelper {
                        if (license.getLang()!=null) out+=" 
xml:lang=\""+license.getLang()+"\"";
                        if (license.getHref()!=null) out+=" 
href=\""+license.getHref()+"\"";
                        if (license.getDir()!=null) out+=" 
dir=\""+license.getDir()+"\"";
-                       out+=">"+license.getText()+"</license>\n";
+                       
out+=">"+StringEscapeUtils.escapeXml(license.getText())+"</license>\n";
                }
                return out;
        }
@@ -148,9 +149,9 @@ public class WidgetHelper {
                }
                String out = "\t\t<title "; 
                if (name != null && name.getDir()!=null) out+=" 
dir=\""+name.getDir()+"\"";
-               if (shortName != null) out +=" short=\""+shortName + "\"";
+               if (shortName != null) out +=" 
short=\""+StringEscapeUtils.escapeXml(shortName) + "\"";
                out +=">";
-               if(longName != null) out += longName; 
+               if(longName != null) out += 
StringEscapeUtils.escapeXml(longName); 
                out += "</title>\n";
                return out;
        }
@@ -161,7 +162,7 @@ public class WidgetHelper {
                String out = "\t\t<description";
                if (desc!= null && desc.getDir()!=null) out+=" 
dir=\""+desc.getDir()+"\"";
                out += ">";
-               if (desc != null) out += desc.getContent();
+               if (desc != null) out += 
StringEscapeUtils.escapeXml(desc.getContent());
                out += "</description>\n";
                return out;
        }

Reply via email to