2006/unicorn/src/org/w3c/unicorn UnicornCall.java,1.1.2.8,1.1.2.9 from Thomas Gambet via cvs-syncmail on 2009-08-26 (www-validator-cvs@w3.org from August 2009)

From: Thomas Gambet via cvs-syncmail <cvsmail@w3.org>
Date: Wed, 26 Aug 2009 18:16:41 +0000
To: www-validator-cvs@w3.org
Message-Id: <E1MgN33-0000HB-3u@lionel-hutz.w3.org>

Update of /sources/public/2006/unicorn/src/org/w3c/unicorn
In directory hutz:/tmp/cvs-serv1045/src/org/w3c/unicorn

Modified Files:
      Tag: dev2
	UnicornCall.java 
Log Message:
now escapes xml characters before adding exception message to the velocity context

Index: UnicornCall.java
===================================================================
RCS file: /sources/public/2006/unicorn/src/org/w3c/unicorn/Attic/UnicornCall.java,v
retrieving revision 1.1.2.8
retrieving revision 1.1.2.9
diff -u -d -r1.1.2.8 -r1.1.2.9
--- UnicornCall.java	26 Aug 2009 17:14:02 -0000	1.1.2.8
+++ UnicornCall.java	26 Aug 2009 18:16:38 -0000	1.1.2.9
@@ -23,6 +23,7 @@
 import javax.xml.xpath.XPathExpression;
 import javax.xml.xpath.XPathFactory;
 import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.log4j.Logger;
@@ -874,7 +875,7 @@
 
 				VelocityContext context = new VelocityContext(Framework.getLanguageContexts().get(lang));
 				if (e.getMessage() != null)	
-					context.put("exception", e.getMessage());
+					context.put("exception", StringEscapeUtils.escapeXml(e.getMessage()));
 				else
 					context.put("exception", "");

Received on Wednesday, 26 August 2009 18:16:49 UTC