markt-asf commented on PR #621: URL: https://github.com/apache/tomcat/pull/621#issuecomment-1560920115
(Ab)using the URLEncoder for this seems wrong. Tomcat has a class specifically for escaping values in content - `org.apache.tomcat.util.security.Escape`. The fix should use this.

Further, it appears that there are still multiple implementations of XML escaping in the Tomcat code base. These need to be rationalised to use the `Escape` class.

I agree having a test case for this is an improvement. I'd like to see that test case cover all the XML characters that need to be escaped and also test the WebDAV case as well as the directory listing case.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
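The kind of check the comment asks for, covering each XML special character, written as an added example that is not code from the PR or from Tomcat. `XmlEscapeCheck` and `xmlEscape` are hypothetical stand-ins (not Tomcat's `Escape` class) and the file names are constructed; the example parses each encoded value back out of an element and an attribute to show that XML escaping round-trips while URL encoding yields a different name.

```java
import java.io.StringReader;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;

public class XmlEscapeCheck {

    // Hypothetical stand-in for an XML content escaper; not Tomcat's Escape class.
    static String xmlEscape(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '&': sb.append("&amp;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&apos;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Embed the encoded value as element content and as an attribute, then parse it back.
    static String[] roundTrip(String encoded) throws Exception {
        String xml = "<entry name=\"" + encoded + "\">" + encoded + "</entry>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        org.w3c.dom.Element e = f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml))).getDocumentElement();
        return new String[] { e.getTextContent(), e.getAttribute("name") };
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample names: one per XML special character, plus a mixed one.
        String[] names = { "a<b", "a>b", "a&b", "a\"b", "a'b", "r&d <2023> \"final\" + 'v2'.txt" };
        for (String name : names) {
            String[] esc = roundTrip(xmlEscape(name));
            String[] url = roundTrip(URLEncoder.encode(name, StandardCharsets.UTF_8));
            if (!name.equals(esc[0]) || !name.equals(esc[1])) {
                throw new AssertionError("XML escaping did not round-trip: " + name);
            }
            System.out.printf("%-34s escaped ok, URL-encoded parses as: %s%n", name, url[0]);
        }
    }
}
```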