The HTMLManagerServlet class in the same package calls RequestUtil.filter() e.g. for web application names. (import org.apache.catalina.util.RequestUtil;)
This class should use that method as well. There is no need to copy the implementation. 2017-10-10 17:22 GMT+03:00 <r...@apache.org>: > Author: remm > Date: Tue Oct 10 14:22:31 2017 > New Revision: 1811704 > > URL: http://svn.apache.org/viewvc?rev=1811704&view=rev > Log: > 61603: Add XML escaping to the names of some memory pools. The > escape/filterXml methods could be factored out maybe (although it would add > imports on other JARs). > > Modified: > tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java > tomcat/trunk/webapps/docs/changelog.xml > > Modified: tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java?rev=1811704&r1=1811703&r2=1811704&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java > (original) > +++ tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java Tue > Oct 10 14:22:31 2017 > @@ -260,7 +260,7 @@ public class StatusTransformer { > for (MemoryPoolMXBean memoryPoolMBean : > memoryPoolMBeans.values()) { > MemoryUsage usage = memoryPoolMBean.getUsage(); > writer.write("<memorypool"); > - writer.write(" name='" + memoryPoolMBean.getName() + "'"); > + writer.write(" name='" + > filterXml(memoryPoolMBean.getName()) + "'"); > writer.write(" type='" + memoryPoolMBean.getType() + "'"); > writer.write(" usageInit='" + usage.getInit() + "'"); > writer.write(" usageCommitted='" + usage.getCommitted() + > "'"); 
> @@ -947,6 +947,35 @@ public class StatusTransformer { > } > > > + /** > + * Escape the 5 entities defined by XML. > + * @param s The message string to be filtered > + * @return filtered XML content > + */ > + public static String filterXml(String s) { > + if (s == null) > + return ""; > + StringBuilder sb = new StringBuilder(); > + for (int i = 0; i < s.length(); i++) { > + char c = s.charAt(i); > + if (c == '<') { > + sb.append("<"); > + } else if (c == '>') { > + sb.append(">"); > + } else if (c == '\'') { > + sb.append("'"); > + } else if (c == '&') { > + sb.append("&"); > + } else if (c == '"') { > + sb.append("""); > + } else { > + sb.append(c); > + } > + } > + return sb.toString(); > + } > + > + > /** > * Display the given size in bytes, either as KB or MB. > * > > Modified: tomcat/trunk/webapps/docs/changelog.xml > URL: > http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1811704&r1=1811703&r2=1811704&view=diff > ============================================================================== > --- tomcat/trunk/webapps/docs/changelog.xml (original) > +++ tomcat/trunk/webapps/docs/changelog.xml Tue Oct 10 14:22:31 2017 > @@ -75,6 +75,10 @@ > <fix> > Enable Javadoc to be built with Java 9. (markt) > </fix> > + <fix> > + <bug>61603</bug>: Add XML filtering for the status servlet output > where > + needed. (remm) > + </fix> > </changelog> > </subsection> > <subsection name="Other"> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
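Review bot: in the @@ -260,7 +260,7 @@ hunk of StatusTransformer.java, only the `name` attribute is passed through filterXml(); the `type='" + memoryPoolMBean.getType() + "'` write in the context line just below it is still concatenated raw. If getType() can only yield a fixed set of constants, that is acceptable, but a short comment saying so would stop the next reader from wondering why one attribute is escaped and its neighbour is not. Otherwise escape it as well for consistency. These attributes are delimited with single quotes, so whichever escaping helper ends up being used here must cover `'` and not only `<`, `>`, `&` and `"`.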
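Review bot: in the @@ -947,6 +947,35 @@ hunk, every branch of filterXml() as it appears in this mail appends the same character it just matched (`sb.append("<")`, `sb.append("&")`, and so on), and `sb.append(""")` is not valid Java. This looks like the entity references having been decoded somewhere between the commit and this copy of the message, so check the committed file directly to confirm the five branches emit the escaped forms. Two further points on the same hunk: the method is added as `public static` on StatusTransformer, which widens the class's API for what is an internal helper, so either make it private or, as raised in the reply above, call the existing RequestUtil.filter() after confirming that it escapes `'` for these single-quoted attributes. The `if (s == null) return "";` also lacks braces, unlike the if/else chain that follows it.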