ASF Bugzilla – Attachment 19093 Details for
Bug 40901
listings page does not escape XML characters
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to DefaultServlet.java that HTML-encodes filenames for directory indexing
html-encode.patch (text/plain), 2.23 KB, created by
Chris Halstead
on 2006-11-06 14:04:19 UTC
(
hide
)
Description:
Patch to DefaultServlet.java that HTML-encodes filenames for directory indexing
Filename:
MIME Type:
Creator:
Chris Halstead
Created:
2006-11-06 14:04:19 UTC
Size:
2.23 KB
patch
obsolete
>Index: container/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java >=================================================================== >--- container/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java (revision 471875) >+++ container/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java (working copy) >@@ -1207,7 +1207,7 @@ > .append("'"); > > sb.append(">"); >- sb.append(trimmed); >+ sb.append(encodeHTML(trimmed)); > if (childCacheEntry.context != null) > sb.append("/"); > sb.append("</entry>"); >@@ -1376,7 +1376,7 @@ > if (childCacheEntry.context != null) > sb.append("/"); > sb.append("\"><tt>"); >- sb.append(trimmed); >+ sb.append(encodeHTML(trimmed)); > if (childCacheEntry.context != null) > sb.append("/"); > sb.append("</tt></a></td>\r\n"); >@@ -2183,8 +2183,44 @@ > > } > >+ /** >+ * HTML-encode characters in the specified string >+ * >+ * @param s The string to HTML-encode >+ * @return The HTML-encoded string, or null is the >+ * specified input string was null. >+ */ >+ protected String encodeHTML(String s) { > >+ if( null == s) >+ return null; > >+ char content[] = new char[s.length()]; >+ s.getChars(0, s.length(), content, 0); >+ StringBuffer result = new StringBuffer(content.length + 50); >+ for ( int i = 0; i < content.length; i++ ) { >+ switch (content[i]) { >+ case '<': >+ result.append("<"); >+ break; >+ case '>': >+ result.append(">"); >+ break; >+ case '&': >+ result.append("&"); >+ break; >+ case '"': >+ result.append("""); >+ break; >+ default: >+ result.append(content[i]); >+ } >+ } >+ return (result.toString()); >+ >+ } >+ >+ > // ------------------------------------------------------ Range Inner Class > >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 40901
: 19093