Bug 41852 - missing unescapeXml in truncateNicely
Summary: missing unescapeXml in truncateNicely
Alias: None
Product: Taglibs
Classification: Unclassified
Component: String Taglib
Version: unspecified
Hardware: Other All
Importance: P2 minor
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2007-03-15 14:44 UTC by aigner
Modified: 2007-03-22 10:47 UTC
Description aigner 2007-03-15 14:44:37 UTC
In StringW the function truncateNicely has the following bug:

Any escaped XML tags are handled as single letters. This is at least
annoying, and can perhaps in some very, very special circumstances be used
to mask data for an injection attack.

The following change fixes that problem:

public static String truncateNicely(String str, int lower, int upper, String appendToEnd) {
  // strip markup from the string
  str = XmlW.removeXml(str);

  // unescape temporarily so that each entity counts as one character for length handling
  str = XmlW.unescapeXml(str);

  // quickly adjust the upper if it is set lower than 'lower'
  if (upper < lower) {
    upper = lower;
  }

  // now determine if the string fits within the upper limit
  // if it does, go straight to return, do not pass 'go' and collect $200
  if (str.length() > upper) {
    // the magic location int
    int loc;

    // first we determine where the last space appears at or before 'upper'
    loc = str.lastIndexOf(' ', upper);
    // now we'll see if the location is greater than the lower limit
    if (loc >= lower) {
      // yes it was, so we'll cut it off here
      str = str.substring(0, loc);
    } else {
      // no it wasn't (or there was no space at all), so we'll cut it off at the upper limit
      str = str.substring(0, upper);
    }
    // the string was truncated, so we append the appendToEnd String
    str = str + appendToEnd;
  }

  // escape after finished processing the string (note: appendToEnd is escaped as well)
  str = XmlW.escapeXml(str);
  return str;
}
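Added example, not from the bug report or the taglib: a Python port of the truncation logic before and after the suggested change, showing how an already-escaped string is cut inside an entity and double-escaped without the unescape step. html.unescape/html.escape and a tag-stripping regex stand in for XmlW, and the sample string is constructed.

```python
import html
import re

# Constructed sample: user text that has already been XML-escaped once.
SAMPLE = "Use &lt;b&gt;bold&lt;/b&gt; &amp; &lt;i&gt;italic&lt;/i&gt; sparingly"

TAG_RE = re.compile(r"<[^>]*>")


def remove_xml(s):
    """Stand-in for XmlW.removeXml: drop literal markup tags (not entities)."""
    return TAG_RE.sub("", s)


def _cut(s, lower, upper, append_to_end):
    """The shared truncation core of truncateNicely."""
    upper = max(upper, lower)
    if len(s) > upper:
        # Java's lastIndexOf(' ', upper) searches indices <= upper.
        loc = s.rfind(" ", 0, upper + 1)
        s = s[:loc] if loc >= lower else s[:upper]
        s = s + append_to_end
    return s


def truncate_nicely_old(s, lower, upper, append_to_end="..."):
    """Before the fix: '&lt;' is four characters, so the cut can land inside
    an entity, and the final escape turns every '&' into '&amp;'."""
    s = remove_xml(s)
    s = _cut(s, lower, upper, append_to_end)
    return html.escape(s, quote=False)


def truncate_nicely_fixed(s, lower, upper, append_to_end="..."):
    """After the fix: unescape first so each entity is one character, then
    re-escape on the way out so the result is escaped exactly once."""
    s = remove_xml(s)
    s = html.unescape(s)
    s = _cut(s, lower, upper, append_to_end)
    return html.escape(s, quote=False)


if __name__ == "__main__":
    print("old:  ", truncate_nicely_old(SAMPLE, 10, 20))
    print("fixed:", truncate_nicely_fixed(SAMPLE, 10, 20))
```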
Comment 1 Henri Yandell 2007-03-22 10:47:56 UTC
Makes sense to me. Change applied. 

svn ci -m "Applying suggested change from bug 41852. "

Sending        src/org/apache/taglibs/string/util/StringW.java
Transmitting file data .
Committed revision 521371.