The issue reported affects two similar use cases:
- XML view of JMS subscribers is rendered with syntax errors if any of the subscribers has a selector containing an XML-prohibited character in its statement, e.g. PROPERTY <> VALUE selector statement contains < and > characters that cause XML syntax errors
- HTML view of JMS subscribers does not properly display the selector statement if it contains any of the XML-prohibited characters in it, e.g. PROPERTY <> VALUE will be displayed as PROPERTY VALUE - both the < and > characters are stripped out
The solution is to use the <c:out value=""/> syntax whenever an XML-unescaped string is to be outputted - the c:out has the escapeXml property set to true by default which does the trick.
I have attached the patch that fixes the XML escaping for JMS selector.
Please note that I could not find any JMS naming specification to make sure whether the JMS selector is the only field that is allowed to contain XML-prohibited characters. Therefore I would advise the patch reviewer to figure out whether this fix should also be applied to JMS Client ID, Connection ID, Destination Name and Subscription name fields.