Bug 41852

Summary: missing unescapeXml in truncateNicely
Product: Taglibs Reporter: aigner <aigner>
Component: String TaglibAssignee: Tomcat Developers Mailing List <dev>
Severity: minor    
Priority: P2    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   

Description aigner 2007-03-15 14:44:37 UTC
in StringW the function truncateNicely has following bug:

Any escaped XML tags are handled as single letters. This is at least
annoying, and can perhaps in some very very special circumstances be used
to mask data for an injection attack.

The following change fix that Problem:

public static String truncateNicely(String str, int lower, int upper, String
  // strip markup from the string
  str = XmlW.removeXml(str);

  // unescape temporarely for length handling
  str = XmlW.unescapeXml(str);

  // quickly adjust the upper if it is set lower than 'lower'
    if(upper < lower) {
      upper = lower;
  // now determine if the string fits within the upper limit
  // if it does, go straight to return, do not pass 'go' and collect $200
  if(str.length() > upper) {
    // the magic location int
    int loc;

    // first we determine where the next space appears after lower
    loc = str.lastIndexOf(' ', upper);
    // now we'll see if the location is greater than the lower limit
    if(loc >= lower) {
      // yes it was, so we'll cut it off here
      str = str.substring(0, loc);
    } else {
      // no it wasnt, so we'll cut it off at the upper limit
      str = str.substring(0, upper);
    // the string was truncated, so we append the appendToEnd String				
    str = str + appendToEnd;

  // escape after finished processing string		
  str = XmlW.escapeXml(str);
  return str;
Comment 1 Henri Yandell 2007-03-22 10:47:56 UTC
Makes sense to me. Change applied. 

svn ci -m "Applying suggested change from bug 41852. "

Sending        src/org/apache/taglibs/string/util/StringW.java
Transmitting file data .
Committed revision 521371.