Bug 41852 - missing unescapeXml in truncateNicely
Summary: missing unescapeXml in truncateNicely
Status: RESOLVED FIXED
Alias: None
Product: Taglibs
Classification: Unclassified
Component: String Taglib (show other bugs)
Version: unspecified
Hardware: Other All
: P2 minor (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-03-15 14:44 UTC by aigner
Modified: 2007-03-22 10:47 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description aigner 2007-03-15 14:44:37 UTC
Hello, 
in StringW the function truncateNicely has following bug:

Any escaped XML tags are handled as single letters. This is at least
annoying, and can perhaps in some very very special circumstances be used
to mask data for an injection attack.

The following change fix that Problem:

public static String truncateNicely(String str, int lower, int upper, String
appendToEnd)
{
  // strip markup from the string
  str = XmlW.removeXml(str);

  // unescape temporarely for length handling
  str = XmlW.unescapeXml(str);

  // quickly adjust the upper if it is set lower than 'lower'
    if(upper < lower) {
      upper = lower;
    }		
	
  // now determine if the string fits within the upper limit
  // if it does, go straight to return, do not pass 'go' and collect $200
  if(str.length() > upper) {
    // the magic location int
    int loc;

    // first we determine where the next space appears after lower
    loc = str.lastIndexOf(' ', upper);
			
    // now we'll see if the location is greater than the lower limit
    if(loc >= lower) {
      // yes it was, so we'll cut it off here
      str = str.substring(0, loc);
    } else {
      // no it wasnt, so we'll cut it off at the upper limit
      str = str.substring(0, upper);
    }
	
    // the string was truncated, so we append the appendToEnd String				
    str = str + appendToEnd;
  }

  // escape after finished processing string		
  str = XmlW.escapeXml(str);
		
  return str;
}
Comment 1 Henri Yandell 2007-03-22 10:47:56 UTC
Makes sense to me. Change applied. 

svn ci -m "Applying suggested change from bug 41852. "
src/org/apache/taglibs/string/util/StringW.java

Sending        src/org/apache/taglibs/string/util/StringW.java
Transmitting file data .
Committed revision 521371.