From 4e2d6f8b2ea5be95c43b0ddac167f145387f0d11 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Fri, 29 Aug 2008 12:01:45 +0000
Subject: [PATCH] SEC-967: TextUtils.java does not escape ampersand character http://jira.springframework.org/browse/SEC-967. Added escaping of '&' character
---
 .../main/java/org/springframework/security/util/TextUtils.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/core/src/main/java/org/springframework/security/util/TextUtils.java b/core/src/main/java/org/springframework/security/util/TextUtils.java
index f24c635195..cd6e36d7e1 100644
--- a/core/src/main/java/org/springframework/security/util/TextUtils.java
+++ b/core/src/main/java/org/springframework/security/util/TextUtils.java
@@ -26,6 +26,8 @@ public abstract class TextUtils {
 sb.append(""");
 } else if (c == '\'') {
 sb.append("'");
+ } else if (c == '&') {
+ sb.append("&");
 } else {
 sb.append(c);
 }
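Review bot: The added `c == '&'` branch changes the output for any caller that passes text which already contains entities, and the commit neither documents nor tests that: the diffstat lists only TextUtils.java, and a value such as `&lt;` would presumably now be encoded a second time. I would add a unit test covering a bare `&` and an already-escaped string, plus a Javadoc sentence on the enclosing method along the lines of `Input must be raw, unescaped text; '&' is escaped too, so pre-escaped markup will be double-encoded.` As displayed here the branch appends `"&"`, which would leave the character unchanged; the neighbouring literals (`"""`, `"'"`) look entity-decoded by the page, so the file most likely holds `&amp;`, but that is worth confirming against the repository. The enclosing method starts and ends outside the hunk.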