
(-)apache/jasper/runtime/PageContextImpl.java (-7 / +48 lines)
Lines 913-940 Link Here
913
        }
913
        }
914
    }
914
    }
915
915
916
    private static String XmlEscape(String s) {
916
    protected static String XmlEscape(String s) {
917
        if (s == null)
917
    	if (s == null) {
918
            return null;
918
    		return "";
919
        StringBuilder sb = new StringBuilder();
919
    	}
920
        for (int i = 0; i < s.length(); i++) {
920
		int len = s.length();
921
922
		/*
923
		 * Look for any "bad" characters, Escape "bad" character was found
924
		 */
925
		// ASCII " 34 & 38 ' 39 < 60 > 62
926
		for (int i = 0; i < len; i++) {
921
            char c = s.charAt(i);
927
            char c = s.charAt(i);
928
			if (c >= '\"'
929
					&& c <= '>'
930
					&& (c == '<' || c == '>' || c == '\'' || c == '&' || c == '"')) {
931
				// need to escape them and then quote the whole string
932
				StringBuilder sb = new StringBuilder((int) (len * 1.2));
933
				sb.append(s, 0, i);
934
				int pos = i + 1;
935
				for (int j = i; j < len; j++) {
936
					c = s.charAt(j);
937
					if (c >= '\"' && c <= '>') {
922
            if (c == '<') {
938
            if (c == '<') {
939
							if (j > pos) {
940
								sb.append(s, pos, j);
941
							}
923
                sb.append("&lt;");
942
                sb.append("&lt;");
943
							pos = j + 1;
924
            } else if (c == '>') {
944
            } else if (c == '>') {
945
							if (j > pos) {
946
								sb.append(s, pos, j);
947
							}
925
                sb.append("&gt;");
948
                sb.append("&gt;");
949
							pos = j + 1;
926
            } else if (c == '\'') {
950
            } else if (c == '\'') {
951
							if (j > pos) {
952
								sb.append(s, pos, j);
953
							}
927
                sb.append("&#039;"); // &apos;
954
                sb.append("&#039;"); // &apos;
955
							pos = j + 1;
928
            } else if (c == '&') {
956
            } else if (c == '&') {
957
							if (j > pos) {
958
								sb.append(s, pos, j);
959
							}
929
                sb.append("&amp;");
960
                sb.append("&amp;");
961
							pos = j + 1;
930
            } else if (c == '"') {
962
            } else if (c == '"') {
963
							if (j > pos) {
964
								sb.append(s, pos, j);
965
							}
931
                sb.append("&#034;"); // &quot;
966
                sb.append("&#034;"); // &quot;
932
            } else {
967
							pos = j + 1;
933
                sb.append(c);
934
            }
968
            }
935
        }
969
        }
970
				}
971
				if (pos < len) {
972
					sb.append(s, pos, len);
973
				}
936
        return sb.toString();
974
        return sb.toString();
937
    }
975
    }
976
		}
977
		return s;
978
	}
938
979
939
    /**
980
    /**
940
     * Proprietary method to evaluate EL expressions. XXX - This method should
981
     * Proprietary method to evaluate EL expressions. XXX - This method should
