Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/10/18 13:30:35 UTC

svn commit: r1812513 - /tomcat/trunk/java/org/apache/tomcat/util/security/Escape.java

Author: markt
Date: Wed Oct 18 13:30:35 2017
New Revision: 1812513

URL: http://svn.apache.org/viewvc?rev=1812513&view=rev
Log:
Improvements and copy/paste fix after kkolinko review

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/security/Escape.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/security/Escape.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/security/Escape.java?rev=1812513&r1=1812512&r2=1812513&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/security/Escape.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/security/Escape.java Wed Oct 18 13:30:35 2017
@@ -52,25 +52,25 @@ public class Escape {
             } else if (c == '>') {
                 sb.append(">");
             } else if (c == '\'') {
-                sb.append("'");
+                sb.append("'");
             } else if (c == '&') {
                 sb.append("&");
             } else if (c == '"') {
                 sb.append(""");
             } else if (c == '/') {
-                sb.append("/");
+                sb.append("/");
             } else {
                 sb.append(c);
             }
         }
 
-        return sb.toString();
+        return (sb.length() > content.length()) ? sb.toString() : content;
     }
 
 
     /**
      * Convert the object to a string via {@link Object#toString()} and HTML
-     * escape the resulting string for use in HTMl content.
+     * escape the resulting string for use in HTML content.
      *
      * @param obj       The object to convert to String and then escape
      *
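Review bot: The new `return (sb.length() > content.length()) ? sb.toString() : content;` depends on an unstated invariant: every replacement appended in the loop is longer than the single character it replaces, so an unchanged length means nothing was escaped. A short comment above the return, for example `// Every escape is longer than the char it replaces; equal length means nothing was escaped`, would protect against a later edit that adds a same-length or character-dropping substitution and so returns the unescaped input. The same comment applies to the return in the hunk at -155. The method's start, including any null handling for `content`, is outside this hunk. This archive view has also decoded the entity strings, so the `'` and `/` replacement lines look identical on both sides and cannot be verified from this page.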
@@ -83,7 +83,7 @@ public class Escape {
         }
 
         try {
-            return xml(obj.toString());
+            return htmlElementContent(obj.toString());
         } catch (Exception e) {
             return null;
         }
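Review bot: The commit modifies only Escape.java, so the wrong-escaper call corrected at `return htmlElementContent(obj.toString());` lands without a regression test. A test asserting that the Object overload returns the same string as the String overload for input containing `'` and `/` would pin the HTML context, assuming `xml()` handles those characters differently, which is not visible here. The surrounding `catch (Exception e) { return null; }` would also benefit from a one-line comment stating that a failing `toString()` is deliberately mapped to null. The method begins outside the hunk.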
@@ -109,8 +109,8 @@ public class Escape {
      * @param ifNull    The value to return if content is {@code null}
      * @param content   The content to escape
      *
-     * @return  The escaped content or the value of ifNull if the content was
-     *          {@code null}
+     * @return  The escaped content or the value of {@code ifNull} if the
+     *          content was {@code null}
      */
     public static String xml(String ifNull, String content) {
         return xml(ifNull, false, content);
@@ -155,6 +155,6 @@ public class Escape {
             }
         }
 
-        return sb.toString();
+        return (sb.length() > content.length()) ? sb.toString(): content;
     }
 }
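Review bot: The added return is written `sb.toString(): content` with no space before the colon, while the identical expression in the first hunk uses `sb.toString() : content`. Writing it as `return (sb.length() > content.length()) ? sb.toString() : content;` keeps the duplicated idiom consistent and easy to search for. The method body starts outside this hunk.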


