You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Owen Jacobson (JIRA)" <ji...@codehaus.org> on 2008/12/27 00:05:19 UTC

[jira] Commented: (MASSEMBLY-378) Property expansion in assembly/component descriptors does not escape &, <, >, ", or '

    [ http://jira.codehaus.org/browse/MASSEMBLY-378?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=159234#action_159234 ] 

Owen Jacobson commented on MASSEMBLY-378:
-----------------------------------------

I had a crack at fixing this myself, but the obvious solution of running expansions through commons-lang's StringEscapeUtils.escapeXml causes expansions in non-XML files to go a bit weird.  In general the plugin can't (and probably shouldn't) protect users from themselves, so detecting when it's filtering XML content is overkill, but for cases where the right answer is obvious (like the descriptors) XML-aware substitution or even modification against the DOM tree rather than against text might be better.

> Property expansion in assembly/component descriptors does not escape &, <, >, ", or '
> -------------------------------------------------------------------------------------
>
>                 Key: MASSEMBLY-378
>                 URL: http://jira.codehaus.org/browse/MASSEMBLY-378
>             Project: Maven 2.x Assembly Plugin
>          Issue Type: Bug
>    Affects Versions: 2.2-beta-2
>            Reporter: Owen Jacobson
>         Attachments: assembly-escaping-issues.zip
>
>
> I have a home directory that, for reasons that are mostly uninteresting, has a & in it. Using ${basedir} in my projects' assembly descriptors causes the XML parser for the descriptor to complain about
> {{[INFO] Error reading assemblies: Error reading descriptor at: src/main/assembly/examples.xml: Cannot read assembly descriptor from interpolating filter of serialized version.}}
> {{entity reference names can not start with character ' ' (position: START_TAG seen ...<directory>/Volumes/Network Users & ... @7:43)}}
> This seems to also be true for any other XML-magic character (any from the set &, <, >, ", or ').
> Attached is a zip of a minimal project that demonstrates the problem (even if your $HOME doesn't have & in it) way, buildable with {{mvn package}}.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira