Details
Description
The issue reported affects two similar use cases:
- The XML view of JMS subscribers is rendered with syntax errors if any of the subscribers has a selector containing an XML-prohibited character in its statement, e.g. the PROPERTY <> VALUE selector statement contains the < and > characters, which cause XML syntax errors
- The HTML view of JMS subscribers does not properly display the selector statement if it contains any of the XML-prohibited characters, e.g. PROPERTY <> VALUE will be displayed as PROPERTY VALUE - both the < and > characters are stripped out
The solution is to use the <c:out value=""/> syntax whenever an XML-unescaped string is to be output - the c:out tag has the escapeXml property set to true by default, which does the trick.
I have attached the patch that fixes the XML escaping for JMS selector.
Please note that I could not find any JMS naming specification to determine whether the JMS selector is the only field that is allowed to contain XML-prohibited characters. Therefore I would advise the patch reviewer to figure out whether this fix should also be applied to the JMS Client ID, Connection ID, Destination Name and Subscription Name fields.
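The failure and the fix described in this report, as an added Java example that is not part of the attached patch or of the project's code. The subscribers/subscriber element layout and the render and parseSelector helpers are hypothetical stand-ins for the XML view; escapeXml reproduces the five character replacements that c:out applies when escapeXml is true.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class SelectorEscapeDemo {
    // Same five replacements that <c:out> applies when escapeXml is true.
    static String escapeXml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '\'': out.append("&#039;"); break;
                case '"':  out.append("&#034;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical stand-in for the XML view: one <subscriber> element per row.
    static String render(String selector, boolean escape) {
        String value = escape ? escapeXml(selector) : selector;
        return "<subscribers><subscriber selector=\"" + value + "\"/></subscribers>";
    }

    // Parses the rendered view and returns the selector a client would read back.
    static String parseSelector(String xml) throws Exception {
        DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        return db.parse(new InputSource(new StringReader(xml))).getDocumentElement()
                 .getFirstChild().getAttributes().getNamedItem("selector").getNodeValue();
    }

    public static void main(String[] args) throws Exception {
        String selector = "PROPERTY <> VALUE"; // selector statement from the report
        try {
            parseSelector(render(selector, false));
            System.out.println("raw output parsed (unexpected)");
        } catch (SAXException e) {
            System.out.println("raw output rejected: " + e.getMessage());
        }
        System.out.println("escaped output: " + render(selector, true));
        System.out.println("round trip ok: " + selector.equals(parseSelector(render(selector, true))));
    }
}
```

The same check can be run against any other field rendered into the view to see whether it needs the same escaping.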