You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2005/02/12 16:16:55 UTC

DO NOT REPLY [Bug 33535] New: - invalid XML in directory listing with names containing "&"

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33535>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=33535

           Summary: invalid XML in directory listing with names containing
                    "&"
           Product: Tomcat 5
           Version: 5.5.7
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: Peter.Moerchen@arcor.de


I used an XSLT stylesheet to format directory listings. When listing a directory
which name (or any of its files' names) contained a "&" character, the generated
XML code contained an unmasked &, wich meens it was invalid and produced an error.

The source of the error is located in the DefaultServlet.java where in the
protected method renderXml two Strings have to be checked for illegal XML
characters: cacheEntry.name as the value of the directory attribute of the
listing tag and trimmed that is filled from resourceName and used as the content
of the entry tag. In my opinion it would perhaps be good to replace > and < by
&gt; and &lt; too, even if I don't know if anyone uses (or even can use) them in
file names. As for " this would make problems in the attribute value - and again
I don't know where this would happen to be in a directory name.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org