elharo commented on code in PR #242:
URL:
https://github.com/apache/maven-invoker-plugin/pull/242#discussion_r1604812464
##########
src/main/java/org/apache/maven/plugins/invoker/AbstractInvokerMojo.java:
##########
@@ -1779,7 +1781,7 @@ private void writeJunitReport(BuildJob buildJob, String
safeFileName) throws Moj
if (buildLogFile != null && buildLogFile.exists()) {
getLog().debug("fileLogger:" + buildLogFile);
try {
- systemOut.setValue(FileUtils.fileRead(buildLogFile));
+
systemOut.setValue(StringEscapeUtils.escapeXml10(FileUtils.fileRead(buildLogFile)));
Review Comment:
One thing I don't yet understand is what the "value" being set here is in
Xpp3Dom. I *think* (could be wrong) it's supposed to be the raw text to be
output, which means Xpp3Dom is in fact not a document object model at all. The
confusion between object model and serialized form is a real problem with
Xpp3Dom.
##########
src/main/java/org/apache/maven/plugins/invoker/AbstractInvokerMojo.java:
##########
@@ -1640,7 +1642,7 @@ private void runBuild(
}
} catch (RunFailureException e) {
buildJob.setResult(e.getType());
- buildJob.setFailureMessage(e.getMessage());
+
buildJob.setFailureMessage(StringEscapeUtils.escapeXml10(e.getMessage()));
Review Comment:
I haven't followed through the complete code yet, but the failure message
should generally only be escaped once, and that should be left to the XML
writer. That is, don't escape a string that appears in PCDATA or an attribute
value. Let the writer do that.
This all assumes that the writer does correctly escape everything. Some
libraries have borked this up in one way or another. Looking at it now
Xpp3DomWriter is a mess and doesn't have a clean model of when and what to
escape. It seems to confuse the unescaped model strings with the serialized
escaped strings, and switches back and forth between escaped or not depending
on switches.
I'm not sure exactly how to fix this issue. Really what needs to happen is
either fix XPP3DomWriter and likely XPPDom, while breaking the API and all
existing dependents, or switch to a better designed XML library here. Short of
that maybe you can make this work with enough unit tests.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]