You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by markap14 <gi...@git.apache.org> on 2018/08/14 18:44:23 UTC
[GitHub] nifi pull request #2929: NIFI-5474 ReplaceText RegexReplace evaluates payloa...
Github user markap14 commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2929#discussion_r210061986
--- Diff: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ReplaceText.java ---
@@ -701,6 +709,27 @@ private static String wrapLiterals(String possibleLiteral) {
return replacementFinal;
}
+ /**
+ * Escapes Expression Language like text from content Strings.
+ * <p>
+ * Since we do regular expression replacement on the content and then do Expression Language
+ * evaluations afterwards, it is possible that if there are Expression Language like text
+ * in the content that they will be evaluated when they should not be.
+ * </p>
+ * <p>
+ * This function is called to escape any such construct by prefixing a second $ to the ${...} text.
+ * </p>
+ *
+ * @param content the content that may contain Expression Language like text
+ * @return A {@code String} with any Expression Language text escaped with a $.
+ */
+ private static String escapeExpressionsInContent(String content) {
+ if (!content.contains("${")) {
+ return content;
+ }
+ return content.replaceAll("(\\$\\{.*\\})","\\$$1");
--- End diff --
I don't believe this is going to properly escape the Expression Language. If you encounter something simple like `${greeting}`it will work ok. But if it encounters `$${greeting}`, this will change that into `$$${greeting}` which will be interpreted as an escaped dollar-sign followed by the expression `${greeting}`.
The question here is - why are we evaluating Expression Language against the content of the FlowFile? I don't think we should be doing that at all..
---