mattyb149 commented on a change in pull request #4683:
URL: https://github.com/apache/nifi/pull/4683#discussion_r528931706
##########
File path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
##########
@@ -1122,7 +1123,7 @@ public long contentLength() {
final ComponentLog logger = getLogger();
for (String headerKey : dynamicPropertyNames) {
- String headerValue =
context.getProperty(headerKey).evaluateAttributeExpressions(requestFlowFile).getValue();
+ String headerValue =
StringEscapeUtils.escapeJava(context.getProperty(headerKey).evaluateAttributeExpressions(requestFlowFile).getValue());
Review comment:
Doesn't this assume that the server side has to unescape it? I'd rather
use OkHttp's mechanism for not validating header values, but that assumes a
later version and there are a whole set of Jira cases around the upgrade path,
due to security issues, breaking changes, etc.
Maybe instead we could add (un)escapeJava methods to Expression Language,
then the user can use those functions in EL to escape the values as they choose.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
