|Summary:||listings page does not escape XML characters|
|Product:||Tomcat 5||Reporter:||Dies Koper <dies>|
|Component:||Unknown||Assignee:||Tomcat Developers Mailing List <dev>|
|Attachments:||Patch to DefaultServlet.java that HTML-encodes filenames for directory indexing|
Description Dies Koper 2006-11-05 20:38:27 UTC
Comment 1 Chris Halstead 2006-11-06 14:04:19 UTC
Created attachment 19093 [details] Patch to DefaultServlet.java that HTML-encodes filenames for directory indexing
Comment 2 Chris Halstead 2006-11-06 14:04:33 UTC
Confirmed on Linux as well. I'm attaching a simple patch that incorporates basic HTML encoding into o.a.catalina.servlets.DefaultServlet when outputting a directory index (whether as HTML or XML). The method in question is basically the same as used in o.a.catalina.util.DOMWriter and in HTMLFilter.java in the JSR152/154 examples.
Comment 3 Dies Koper 2006-11-06 16:07:58 UTC
Thanks Chris! BTW: the file/directory names should be "<b>xxx<b>", "<i>yyy<i>" to get the HTML code interpreted by the browser. Somehow I lost the end tags in my posting. I tried jarring them up and unjarring them to Windows to see if I could reproduce it there. Alas, IOExc during unjarring.
Comment 4 Mark Thomas 2006-11-10 13:17:32 UTC
many thanks for the patch. A variation has been applied to SVN and will be included in 5.5.21 onwards.