Added XML encoding to the ResultsSerializer values, so that values that contain characters like & and " will not break the returned XML. Using the apache Lang3 package to do this.
commit 44fa0b5743a57dd30fb818895c5d082aec369241 1 parent 5a31efc
acshi authored

Showing 1 changed file with 6 additions and 3 deletions.

  1. +6 3 src/org/restsql/core/impl/ResultsSerializer.java
9 src/org/restsql/core/impl/ResultsSerializer.java
@@ -4,7 +4,9 @@
4 4 import java.sql.ResultSet;
5 5 import java.sql.SQLException;
6 6 import java.util.List;
7   -import java.util.Map;
  7 +import java.util.Map;
  8 +
  9 +import org.apache.commons.lang3.StringEscapeUtils;
8 10
9 11 import org.restsql.core.ColumnMetaData;
10 12 import org.restsql.core.Config;
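
Review bot: `import java.util.Map;` is removed and re-added with no visible difference, which points to a whitespace or line-ending change on that line; revert it so this hunk carries only the new `import org.apache.commons.lang3.StringEscapeUtils;`. That import makes commons-lang3 a dependency of `ResultsSerializer`, and the commit touches only this one file, so confirm the library is already declared in the build and present on the runtime classpath.
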
@@ -20,8 +22,9 @@ public static void appendNameValuePair(final StringBuffer string, final String n
20 22 if (value != null) {
21 23 string.append(" ");
22 24 string.append(name);
23   - string.append("=\"");
24   - string.append(value.toString());
  25 + string.append("=\"");
  26 + //Escape offensive characters in the value that might break the XML
  27 + string.append(StringEscapeUtils.escapeXml(value.toString()));
25 28 string.append('"');
26 29 }
27 30 }
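
Review bot: only the value is escaped in `appendNameValuePair`; `string.append(name);` still writes the attribute name as-is, so unless every caller passes a fixed, known-good name it should be validated as an XML name before it is appended. For the added call, `StringEscapeUtils.escapeXml` is deprecated from commons-lang3 3.3 onward in favour of `escapeXml10` and `escapeXml11`; `escapeXml10` also drops control characters that are not legal in XML 1.0, which would otherwise still produce a document that parsers reject, so prefer it if the library version allows. `string.append("=\"");` is removed and re-added with no visible change and should be left out of the patch, and the new comment would read more precisely as "Escape XML special characters in the attribute value".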
