[GROOVY-5775] XmlTemplateEngine does not escape expression values (part 1) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.0.4
Fix Version/s: 2.1.0-rc-1
Component/s: XML Processing
Labels:
- xmltemplateengine
Environment:
Windows 7 32 bit

Description

I would expect the following script to run without problems, but it does not:

import groovy.text.*

def xmlEngine = new XmlTemplateEngine()
def xml = '''<?xml version="1.0"?>
<users xmlns:gsp='http://groovy.codehaus.org/2005/gsp'>
    <gsp:scriptlet>users.each {</gsp:scriptlet>
        <user id="${it.id}"><gsp:expression>it.name</gsp:expression></user>
        <foo1>'</foo1>
        <foo2>"</foo2>
    <gsp:scriptlet>}</gsp:scriptlet>
</users>'''
def xmlBinding = [users: [
    new Expando(id: 1, name: 'mr & " haki'),
    new Expando(id: 2, name: "Hub < > ' ert")]
]
def xmlOutput = xmlEngine.createTemplate(xml).make(xmlBinding).toString()
println xmlOutput
def root = new XmlParser().parseText(xmlOutput)

Error:

[Fatal Error] :3:9: The entity name must immediately follow the '&' in the entity reference.

Reason: the strings from the expandos are not escaped by the XmlTemplateEngine

Attachments

Issue Links

is related to

GROOVY-5903 XmlTemplateEngine does not escape expression values (part 2)

Open

Activity

People

Assignee:: Paul King

Reporter:: Christopher

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 31/Oct/12 05:12

Updated:: 13/Jan/13 04:02

Resolved:: 13/Jan/13 04:02