Uploaded image for project: 'Commons SCXML'
  1. Commons SCXML
  2. SCXML-76

Serialization of expressions may produce invalid XML

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.8
    • 0.9
    • None

    Description

      The SCXMLSerializer does not escape expression strings. With an EcmaScript evaluator the following may occur:

      original document:
      <transition event="foo" cond="i < 3" target="bar">

      the serialized document will be:
      <transition event="foo" cond="i < 3" target="bar">

      which is ill-formed XML. The serializer would need to escape the condition string. This applies to all places where expressions may occur.

      Apache commons-lang has a StringEscapeUtil.escapeXML(String data) function which would solve the problem (I don't know if it would help for all cases).

      http://svn.apache.org/viewvc/commons/proper/lang/trunk/src/java/org/apache/commons/lang/StringEscapeUtils.java?view=markup

      But using this would add another dependency to commons-scxml.

      Attachments

        1. SCXMLHelper.patch
          2 kB
          Ingmar Kliche
        2. SCXMLSerializer.patch
          4 kB
          Ingmar Kliche
        3. SCXMLSerializerTest.patch
          1 kB
          Ingmar Kliche

        Activity

          People

            Unassigned Unassigned
            ingmar Ingmar Kliche
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: