
Added XML encoding to the ResultsSerializer values, so that values th…

…at contain characters like & and " will not break the returned XML. Using the apache Lang3 package to do this.
1 parent 5a31efc commit 44fa0b5743a57dd30fb818895c5d082aec369241 @acshi committed Feb 28, 2012
Showing with 6 additions and 3 deletions.
  1. +6 −3 src/org/restsql/core/impl/ResultsSerializer.java
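--- a/src/org/restsql/core/impl/ResultsSerializer.java
+++ b/src/org/restsql/core/impl/ResultsSerializer.java
@@ -4,7 +4,9 @@
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.List;
-import java.util.Map;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.restsql.core.ColumnMetaData;
 import org.restsql.core.Config;
@@ -20,8 +22,9 @@ public static void appendNameValuePair(final StringBuffer string, final String n
 if (value != null) {
 string.append(" ");
 string.append(name);
- string.append("=\"");
- string.append(value.toString());
+ string.append("=\"");
+ //Escape offensive characters in the value that might break the XML
+ string.append(StringEscapeUtils.escapeXml(value.toString()));
 string.append('"');
 }
 }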
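Review bot: In appendNameValuePair only the value is escaped; `name` is still appended verbatim by `string.append(name);`, so if it can carry a column label or alias that is not a plain identifier (its origin is not visible in this hunk), a quote or `<` in it would break the attribute in the same way the value used to. Consider validating it as an XML name, or state the assumption in a comment such as `// name must be a valid XML attribute name; callers pass column labels only`. In addition, `escapeXml` replaces the five predefined entities but, as far as I know, leaves control characters that XML 1.0 forbids in place, so a database value containing one would still produce a document that parsers reject. If the commons-lang3 version in use offers it, `string.append(StringEscapeUtils.escapeXml10(value.toString()));` removes those characters as well. The method's signature and the start of its body are outside the hunk, and the other serialization paths of this class are not shown, so it is worth confirming that element text written elsewhere is escaped too.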
