View | Details | Raw Unified | Return to bug 53867
Collapse All | Expand All

(-)runtime/PageContextImpl.java (-6 / +47 lines)
Lines 913-940 Link Here
913
        }
913
        }
914
    }
914
    }
915
915
916
    private static String XmlEscape(String s) {
916
    protected static String XmlEscape(String s) {
917
        if (s == null)
917
    	if (s == null) {
918
            return null;
918
            return null;
919
        StringBuilder sb = new StringBuilder();
919
    	}
920
        for (int i = 0; i < s.length(); i++) {
920
		int len = s.length();
921
922
		/*
923
		 * Look for any "bad" characters, Escape "bad" character was found
924
		 */
925
		// ASCII " 34 & 38 ' 39 < 60 > 62
926
		for (int i = 0; i < len; i++) {
921
            char c = s.charAt(i);
927
            char c = s.charAt(i);
928
			if (c >= '\"'
929
					&& c <= '>'
930
					&& (c == '<' || c == '>' || c == '\'' || c == '&' || c == '"')) {
931
				// need to escape them and then quote the whole string
932
				StringBuilder sb = new StringBuilder((int) (len * 1.2));
933
				sb.append(s, 0, i);
934
				int pos = i + 1;
935
				for (int j = i; j < len; j++) {
936
					c = s.charAt(j);
937
					if (c >= '\"' && c <= '>') {
922
            if (c == '<') {
938
            if (c == '<') {
939
							if (j > pos) {
940
								sb.append(s, pos, j);
941
							}
923
                sb.append("&lt;");
942
                sb.append("&lt;");
943
							pos = j + 1;
924
            } else if (c == '>') {
944
            } else if (c == '>') {
945
							if (j > pos) {
946
								sb.append(s, pos, j);
947
							}
925
                sb.append("&gt;");
948
                sb.append("&gt;");
949
							pos = j + 1;
926
            } else if (c == '\'') {
950
            } else if (c == '\'') {
951
							if (j > pos) {
952
								sb.append(s, pos, j);
953
							}
927
                sb.append("&#039;"); // &apos;
954
                sb.append("&#039;"); // &apos;
955
							pos = j + 1;
928
            } else if (c == '&') {
956
            } else if (c == '&') {
957
							if (j > pos) {
958
								sb.append(s, pos, j);
959
							}
929
                sb.append("&amp;");
960
                sb.append("&amp;");
961
							pos = j + 1;
930
            } else if (c == '"') {
962
            } else if (c == '"') {
963
							if (j > pos) {
964
								sb.append(s, pos, j);
965
							}
931
                sb.append("&#034;"); // &quot;
966
                sb.append("&#034;"); // &quot;
932
            } else {
967
							pos = j + 1;
933
                sb.append(c);
934
            }
968
            }
935
        }
969
        }
970
				}
971
				if (pos < len) {
972
					sb.append(s, pos, len);
973
				}
936
        return sb.toString();
974
        return sb.toString();
937
    }
975
    }
976
		}
977
		return s;
978
	}
938
979
939
    /**
980
    /**
940
     * Proprietary method to evaluate EL expressions. XXX - This method should
981
     * Proprietary method to evaluate EL expressions. XXX - This method should

Return to bug 53867