|Summary:|Findbugs: Util.specialCharactersRepresentation should be both final and package protected|
|Product:|Taglibs|
|Component:|Standard Taglib|
|Reporter:|Jeremy Boynes <jboynes>|
|Assignee:|Tomcat Developers Mailing List <dev>|
|Attachments:|Fix findbugs error and refactor output implementation|
Description Jeremy Boynes 2010-07-07 01:50:19 UTC
Public access might allow malicious code to affect the operation of the tags. Util is a mixture of different functions and could be refactored. The escape function is duplicated in OutSupport and the "out" method in that base class is called directly from ExprSupport in the XML taglib.
Comment 1 Jeremy Boynes 2010-07-07 01:55:45 UTC
Created attachment 25724
Fix findbugs error and refactor output implementation

Patch moves the XML escaping functionality into a single utility class and updates OutSupport and ExprSupport to use the common code. Eliminates some unnecessary array copies.

Added test cases for XML escaping and Cactus tests for <c:out>.

Cactus changes required inclusion of dependencies as otherwise it was defaulting to the 1.3 APIs.
Updated Jetty test container version to 6.1.24.
Comment 2 Henri Yandell 2010-07-07 02:44:00 UTC
Looks good, I'll let you commit.
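The risk named in the description, as an added example that is not part of the bug report or the attached patch: a public static escape table can be edited by any class in the JVM, and `final` alone would not prevent that because it fixes the reference, not the array elements. All class, method and field names below other than `specialCharactersRepresentation` are hypothetical, and the entity strings are assumed values.

```java
// Added illustration; not the Taglibs source. Names are hypothetical.
public class EscapeTableDemo {

    // Builds a lookup table indexed by character (entity strings are assumed values).
    private static char[][] newTable() {
        char[][] t = new char['>' + 1][];
        t['&'] = "&amp;".toCharArray();
        t['<'] = "&lt;".toCharArray();
        t['>'] = "&gt;".toCharArray();
        t['"'] = "&#034;".toCharArray();
        t['\''] = "&#039;".toCharArray();
        return t;
    }

    // Shared escaping loop: replace a character when the table has an entry for it.
    private static String escape(String s, char[][] table) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            char[] rep = c < table.length ? table[c] : null;
            if (rep != null) out.append(rep); else out.append(c);
        }
        return out.toString();
    }

    // Weak form: public, non-final, and an array, so the table is writable from anywhere.
    static class ExposedUtil {
        public static char[][] specialCharactersRepresentation = newTable();
        static String escapeXml(String s) { return escape(s, specialCharactersRepresentation); }
    }

    // Hardened form: the table is private and final; callers only get the method.
    static final class EscapeXML {
        private static final char[][] ESCAPES = newTable();
        private EscapeXML() {}
        static String escape(String s) { return EscapeTableDemo.escape(s, ESCAPES); }
    }

    public static void main(String[] args) {
        String input = "<b title=\"x\">";  // constructed sample input
        System.out.println("exposed, untouched: " + ExposedUtil.escapeXml(input));

        // Any other class can clear an entry; after this the '<' entry is missing
        // and the exposed helper stops escaping that character for every caller.
        ExposedUtil.specialCharactersRepresentation['<'] = null;
        System.out.println("exposed, tampered:  " + ExposedUtil.escapeXml(input));

        // The hardened table is unreachable from outside its class, so it is unaffected.
        System.out.println("hardened:           " + EscapeXML.escape(input));
    }
}
```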