Bug 49565

Summary: Findbugs: Util.specialCharactersRepresentation should be both final and package protected
Product: Taglibs
Reporter: Jeremy Boynes <jboynes>
Component: Standard Taglib
Assignee: Tomcat Developers Mailing List <dev>
Severity: enhancement    
Priority: P2    
Version: 1.2.0   
Target Milestone: ---   
Hardware: PC   
OS: All   
Attachments: Fix findbugs error and refactor output implementation

Description Jeremy Boynes 2010-07-07 01:50:19 UTC
Public access might allow malicious code to affect the operation of the tags.

Util is a mixture of different functions and could be refactored.
The escape function is duplicated in OutSupport and the "out" method in that base class is called directly from ExprSupport in the XML taglib.
Comment 1 Jeremy Boynes 2010-07-07 01:55:45 UTC
Created attachment 25724
Fix findbugs error and refactor output implementation

Patch moves the XML escaping functionality into a single utility class and updates OutSupport and ExprSupport to use the common code. Eliminates some unnecessary array copies.

Added test cases for XML escaping and Cactus tests for <c:out>.
Cactus changes required inclusion of dependencies as otherwise it was defaulting to the 1.3 APIs.
Updated Jetty test container version to 6.1.24.
Comment 2 Henri Yandell 2010-07-07 02:44:00 UTC
Looks good, I'll let you commit.
Comment 3 Jeremy Boynes 2010-07-16 22:09:19 UTC
Patch applied as revision 961581
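
The risk named in the description, as an added Java sketch that is not the Taglibs source or the attached patch: a public, non-final escape table beside a final, non-public one. The class names, the `escape` helper, the sample input and the table entries are assumptions constructed for this example; only the field name `specialCharactersRepresentation` comes from the report.

```java
public class EscapeTableDemo {
    // Sample escape table, constructed for this example.
    private static char[][] newTable() {
        char[][] t = new char['>' + 1][];
        t['&'] = "&amp;".toCharArray();
        t['<'] = "&lt;".toCharArray();
        t['>'] = "&gt;".toCharArray();
        t['"'] = "&#034;".toCharArray();
        t['\''] = "&#039;".toCharArray();
        return t;
    }

    // Table-driven escaping: characters with an entry are replaced by it.
    static String escape(char[][] table, String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            char[] rep = c < table.length ? table[c] : null;
            if (rep == null) out.append(c); else out.append(rep);
        }
        return out.toString();
    }

    // Flagged shape: public and non-final, so any class loaded alongside it
    // can replace the array or overwrite individual entries.
    static class WeakUtil {
        public static char[][] specialCharactersRepresentation = newTable();
    }

    // Hardened shape: final stops reassignment; restricted visibility (private
    // here, package-private in the bug title) stops element writes from other
    // code. final alone does not make the array contents immutable.
    static final class XmlEscaper {
        private static final char[][] ESCAPES = newTable();
        private XmlEscaper() {}
        static String escape(String s) { return EscapeTableDemo.escape(ESCAPES, s); }
    }

    public static void main(String[] args) {
        String input = "<i title=\"a&b\">"; // constructed sample input
        System.out.println(escape(WeakUtil.specialCharactersRepresentation, input));
        // Other code sharing the class loader can silently change the table:
        WeakUtil.specialCharactersRepresentation['<'] = null;
        System.out.println(escape(WeakUtil.specialCharactersRepresentation, input));
        // The hardened table exposes no reference that outside code can modify.
        System.out.println(XmlEscaper.escape(input));
    }
}
```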