Uploaded image for project: 'Groovy'
  1. Groovy
  2. GROOVY-5903

XmlTemplateEngine does not escape expression values (part 2)

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.0.4
    • Fix Version/s: None
    • Component/s: XML Processing
    • Environment:
      Windows 7 32 bit

      Description

      I would expect the following script to run without problems, but it does not:

      import groovy.text.*
      
      def xmlEngine = new XmlTemplateEngine()
      def xml = '''<?xml version="1.0"?>
      <users xmlns:gsp='http://groovy.codehaus.org/2005/gsp'>
          <gsp:scriptlet>users.each {</gsp:scriptlet>
              <user id="${it.id}"><gsp:expression>it.name</gsp:expression></user>
              <foo1>'</foo1>
              <foo2>"</foo2>
          <gsp:scriptlet>}</gsp:scriptlet>
      </users>'''
      def xmlBinding = [users: [
          new Expando(id: 1, name: 'mr & " haki'),
          new Expando(id: 2, name: "Hub < > ' ert")]
      ]
      def xmlOutput = xmlEngine.createTemplate(xml).make(xmlBinding).toString()
      println xmlOutput
      def root = new XmlParser().parseText(xmlOutput)
      

      Error:

      [Fatal Error] :3:9: The entity name must immediately follow the '&' in the entity reference.
      
      Reason: the strings from the expandos are not escaped by the XmlTemplateEngine
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                xn137 Christopher
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: