From 38837eddfd7709cdb52601529d0c7f3366af20c7 Mon Sep 17 00:00:00 2001 From: Juergen Hoeller Date: Wed, 27 Jul 2011 20:35:41 +0000 Subject: [PATCH] HtmlUtils properly escapes single quotes as well --- .../util/HtmlCharacterEntityReferences.java | 16 ++++++------- .../HtmlCharacterEntityReferences.properties | 5 +--- .../web/util/HtmlUtilsTests.java | 24 ++++++++++++------- 3 files changed, 24 insertions(+), 21 deletions(-) diff --git a/org.springframework.web/src/main/java/org/springframework/web/util/HtmlCharacterEntityReferences.java b/org.springframework.web/src/main/java/org/springframework/web/util/HtmlCharacterEntityReferences.java index 5009a69d349..4f91a68ebfe 100644 --- a/org.springframework.web/src/main/java/org/springframework/web/util/HtmlCharacterEntityReferences.java +++ b/org.springframework.web/src/main/java/org/springframework/web/util/HtmlCharacterEntityReferences.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2005 the original author or authors. + * Copyright 2002-2011 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -38,6 +38,8 @@ import org.springframework.util.Assert; */ class HtmlCharacterEntityReferences { + private static final String PROPERTIES_FILE = "HtmlCharacterEntityReferences.properties"; + static final char REFERENCE_START = '&'; static final String DECIMAL_REFERENCE_START = "&#"; @@ -49,12 +51,9 @@ class HtmlCharacterEntityReferences { static final char CHAR_NULL = (char) -1; - private static final String PROPERTIES_FILE = "HtmlCharacterEntityReferences.properties"; - - private final String[] characterToEntityReferenceMap = new String[3000]; - private final Map entityReferenceToCharacterMap = new HashMap(252); + private final Map entityReferenceToCharacterMap = new HashMap(252); /** 
@@ -63,7 +62,7 @@ class HtmlCharacterEntityReferences { public HtmlCharacterEntityReferences() { Properties entityReferences = new Properties(); - // Load refeence definition file. + // Load reference definition file InputStream is = HtmlCharacterEntityReferences.class.getResourceAsStream(PROPERTIES_FILE); if (is == null) { throw new IllegalStateException( @@ -82,7 +81,7 @@ class HtmlCharacterEntityReferences { "Failed to parse reference definition file [HtmlCharacterEntityReferences.properties]: " + ex.getMessage()); } - // Parse reference definition properites. + // Parse reference definition properties Enumeration keys = entityReferences.propertyNames(); while (keys.hasMoreElements()) { String key = (String) keys.nextElement(); @@ -96,6 +95,7 @@ class HtmlCharacterEntityReferences { } } + /** * Return the number of supported entity references. */ @@ -128,7 +128,7 @@ class HtmlCharacterEntityReferences { * Return the char mapped to the given entityReference or -1. */ public char convertToCharacter(String entityReference) { - Character referredCharacter = (Character) this.entityReferenceToCharacterMap.get(entityReference); + Character referredCharacter = this.entityReferenceToCharacterMap.get(entityReference); if (referredCharacter != null) { return referredCharacter.charValue(); } diff --git a/org.springframework.web/src/main/resources/org/springframework/web/util/HtmlCharacterEntityReferences.properties b/org.springframework.web/src/main/resources/org/springframework/web/util/HtmlCharacterEntityReferences.properties index f1f00c75178..75d3015792a 100644 --- a/org.springframework.web/src/main/resources/org/springframework/web/util/HtmlCharacterEntityReferences.properties +++ b/org.springframework.web/src/main/resources/org/springframework/web/util/HtmlCharacterEntityReferences.properties 
@@ -2,7 +2,6 @@ # A complete description of the HTML 4.0 character set can be found at: # http://www.w3.org/TR/html4/charset.html - # Character entity references for ISO 8859-1 characters 160 = nbsp @@ -102,7 +101,6 @@ 254 = thorn 255 = yuml - # Character entity references for symbols, mathematical symbols, and Greek letters 402 = fnof @@ -230,11 +228,11 @@ 9829 = hearts 9830 = diams - # Character entity references for markup-significant and internationalization characters 34 = quot 38 = amp +39 = #39 60 = lt 62 = gt 338 = OElig @@ -265,4 +263,3 @@ 8249 = lsaquo 8250 = rsaquo 8364 = euro - diff --git a/org.springframework.web/src/test/java/org/springframework/web/util/HtmlUtilsTests.java b/org.springframework.web/src/test/java/org/springframework/web/util/HtmlUtilsTests.java index 15f76846ed5..26d8f711b3c 100644 --- a/org.springframework.web/src/test/java/org/springframework/web/util/HtmlUtilsTests.java +++ b/org.springframework.web/src/test/java/org/springframework/web/util/HtmlUtilsTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2007 the original author or authors. + * Copyright 2002-2011 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
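Review bot: The new `39 = #39` entry in the `@@ -230,11 +228,11 @@` hunk is the only value in this file that is a numeric character reference rather than an entity name, and nothing in the file says why. A comment line above it, such as `# 39 (apostrophe) has no named entity in HTML 4, so it maps to the numeric reference #39`, would stop a later cleanup from replacing it with `apos` or dropping it. Either change would alter how a single quote inside a single-quoted attribute value is escaped. The loader is only partly visible here, but if it registers every value for reverse lookup, `#39` presumably also becomes a key in `entityReferenceToCharacterMap` and is included in the supported-reference count. It is worth confirming that the decoder handles `&#39;` as a decimal reference before it consults that map.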
@@ -16,31 +16,36 @@ package org.springframework.web.util; -import junit.framework.TestCase; +import org.junit.Test; + +import static org.junit.Assert.*; /** * @author Alef Arendsen * @author Martin Kersten * @author Rick Evans */ -public class HtmlUtilsTests extends TestCase { +public class HtmlUtilsTests { + @Test public void testHtmlEscape() { - String unescaped = "\"This is a quote"; + String unescaped = "\"This is a quote'"; String escaped = HtmlUtils.htmlEscape(unescaped); - assertEquals(""This is a quote", escaped); + assertEquals(""This is a quote'", escaped); escaped = HtmlUtils.htmlEscapeDecimal(unescaped); - assertEquals(""This is a quote", escaped); + assertEquals(""This is a quote'", escaped); escaped = HtmlUtils.htmlEscapeHex(unescaped); - assertEquals(""This is a quote", escaped); + assertEquals(""This is a quote'", escaped); } + @Test public void testHtmlUnescape() { - String escaped = ""This is a quote"; + String escaped = ""This is a quote'"; String unescaped = HtmlUtils.htmlUnescape(escaped); - assertEquals(unescaped, "\"This is a quote"); + assertEquals(unescaped, "\"This is a quote'"); } + @Test public void testEncodeIntoHtmlCharacterSet() { assertNull("A null string should be converted to a null string", HtmlUtils.htmlEscape(null)); @@ -66,6 +71,7 @@ public class HtmlUtilsTests extends TestCase { "ϑ", HtmlUtils.htmlEscapeDecimal("" + (char) 977)); } + @Test public void testDecodeFromHtmlCharacterSet() { assertNull("A null string should be converted to a null string", HtmlUtils.htmlUnescape(null));
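Review bot: In `testHtmlUnescape` the changed assertion passes its arguments in reverse order, `assertEquals(unescaped, "\"This is a quote'")`, so a failure would report the decoded value as the expected one; it should read `assertEquals("\"This is a quote'", unescaped);`. The test also decodes a single input string, so it pins at most one encoded spelling of the apostrophe. The expected literals appear entity-decoded on this page, so which spelling it covers cannot be told from here. Adding inputs for both `&#39;` and `&#x27;` would confirm that the decimal and hex forms, which `htmlEscapeDecimal` and `htmlEscapeHex` presumably emit, decode back to `'`.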