49565 – Findbugs: Util.specialCharactersRepresentation should be both final and package protected

Bug 49565 - Findbugs: Util.specialCharactersRepresentation should be both final and package protected

Summary: Findbugs: Util.specialCharactersRepresentation should be both final and packa...

Status:	RESOLVED FIXED

Alias:	None

Product:	Taglibs
Classification:	Unclassified
Component:	Standard Taglib (show other bugs)
Version:	1.2.0
Hardware:	PC All

Importance:	P2 enhancement (vote)
Target Milestone:	---
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-07-07 01:50 UTC by Jeremy Boynes
Modified:	2010-07-16 22:09 UTC (History)
CC List:	0 users

Attachments
Fix findbugs error and refactor output implementation (32.99 KB, patch) 2010-07-07 01:55 UTC, Jeremy Boynes	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeremy Boynes 2010-07-07 01:50:19 UTC

Public access might allow malicious code to affect the operation of the tags.

Util is a mixture of different functions and could be refactored.
The escape function is duplicated in OutSupport and the "out" method in that base class is called directly from ExprSupport in the XML taglib.

Comment 1 Jeremy Boynes 2010-07-07 01:55:45 UTC

Created attachment 25724 [details]
Fix findbugs error and refactor output implementation

Patch moves the XML escaping functionality into a single utility class and updates OutSupport and ExprSupport to use the common code. Eliminates some unnecessary array copies.

Added test cases for XML escaping and Cactus tests for <c:out>
Cactus changes required inclusion of dependencies as otherwise it was defaulting to the 1.3 APIs.
Updated Jetty test container version to 6.1.24

Comment 2 Henri Yandell 2010-07-07 02:44:00 UTC

Looks good, I'll let you commit.

Comment 3 Jeremy Boynes 2010-07-16 22:09:19 UTC

Patch applied as revision 961581