elharo commented on code in PR #242:
URL:
https://github.com/apache/maven-invoker-plugin/pull/242#discussion_r1605791199
##########
src/main/java/org/apache/maven/plugins/invoker/AbstractInvokerMojo.java:
##########
@@ -1640,7 +1642,7 @@ private void runBuild(
}
} catch (RunFailureException e) {
buildJob.setResult(e.getType());
- buildJob.setFailureMessage(e.getMessage());
+
buildJob.setFailureMessage(StringEscapeUtils.escapeXml10(e.getMessage()));
Review Comment:
Assuming buildJob is just an object that contains strings and other things,
but has no particular XML internals (like 99.9% of classes that contain
strings) nothing inside it should be escaped.
Ideally the XML writer should escape strings when it needs to. Or is the XML
writer is broken and won't do that, then the escaping should be done after the
string is extracted from the buildJob and before it's passed to the writer.
Escaping strings inside the buildJob breaks its semantics and tightly couples
all the classes together in one particularly brittle path.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
