Uploaded image for project: 'Groovy'
  1. Groovy
  2. GROOVY-1306

MarkupBuilder does not escape strings with newlines

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.0-JSR-5
    • 1.0-RC-1
    • None
    • None
    • sun JDK 1.5.0_05-b05. Ubuntu linux.

    Description

      element values and attributes are not escaped if they contain a newline.

      This script:

      import groovy.xml.MarkupBuilder

      xml = new MarkupBuilder()

      xml.body {
      xml.text("not escaped: & < >\n & < >")
      }

      produces this output:

      <body>
      <text>not escaped: & < >
      & < ></text>
      </body>

      if I remove the newline in the text I get the correct output:

      // newline removed
      import groovy.xml.MarkupBuilder

      xml = new MarkupBuilder()

      xml.body {
      xml.text("not escaped: & < > & < >")
      }

      output:

      <body>
      <text>not escaped: & < > & < ></text>
      </body>

      I've worked around this by subclassing MarkupBuilder and calling org.apache.commons.lang.StringEscapeUtils.escapeHtml in transformValue. Similar escaping needs to be done in MarkupBuilder.

      import org.apache.commons.lang.StringEscapeUtils;

      class EscapingMarkupBuilder extends MarkupBuilder {
      public EscapingMarkupBuilder(PrintWriter writer)

      { super(writer); }

      // use alternate escaping to work around the bug.
      protected String transformValue(String value)

      { return StringEscapeUtils.escapeHtml(value); }

      }

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            guillaume Guillaume Sauthier
            dmy999 Derek Young
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment