Uploaded image for project: 'Groovy'
  1. Groovy
  2. GROOVY-5903

XmlTemplateEngine does not escape expression values (part 2)

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 2.0.4
    • None
    • XML Processing
    • Windows 7 32 bit

    Description

      I would expect the following script to run without problems, but it does not:

      import groovy.text.*
      
      def xmlEngine = new XmlTemplateEngine()
      def xml = '''<?xml version="1.0"?>
      <users xmlns:gsp='http://groovy.codehaus.org/2005/gsp'>
          <gsp:scriptlet>users.each {</gsp:scriptlet>
              <user id="${it.id}"><gsp:expression>it.name</gsp:expression></user>
              <foo1>'</foo1>
              <foo2>"</foo2>
          <gsp:scriptlet>}</gsp:scriptlet>
      </users>'''
      def xmlBinding = [users: [
          new Expando(id: 1, name: 'mr & " haki'),
          new Expando(id: 2, name: "Hub < > ' ert")]
      ]
      def xmlOutput = xmlEngine.createTemplate(xml).make(xmlBinding).toString()
      println xmlOutput
      def root = new XmlParser().parseText(xmlOutput)
      

      Error:

      [Fatal Error] :3:9: The entity name must immediately follow the '&' in the entity reference.
      
      Reason: the strings from the expandos are not escaped by the XmlTemplateEngine
      

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            xn137 Christopher

            Dates

              Created:
              Updated:

              Slack

                Issue deployment