Am Freitag, 03.01.03 um 23:48 Uhr schrieb Roberto Casanova:
I see another problem with this code.
Suppose for some reason we have an attribute or resource parameter value
like the following (without the quotes):
"> corresponds to >"
The correct XML for this string is:
"> corresponds to >"
However this code would write to server.xml:
"> corresponds to >"
The next time the server.xml file is read in, we end up with:
"> corresponds to >"
which is different than the original string.
In my opinion this portion of the code should be left as it was in
revision 1.32:
Actually, after reading the code in context (that is, I've had a look at StandardServer.java), I agree with this. The change to convertStr() results in inconsistent handling of input strings.
The question I've been asking myself is: Why should convertStr() treat the input string as if it was a mixture of unescaped and already escaped <,>,&,' and " characters? Since I still don't have the full context, I don't know where the input string comes from, so I can't really answer that. If the input string comes from a form, it should be treated as in revision 1.32, because of what Roberto points out. If it comes from an XML file, no conversion should be necessary, because the XML parser checks for well-formedness of the input file - unless the parser resolves the entity and character references before passing the string, in which case the conversion becomes necessary again. (Wow, I hope this doesn't sound like complete drivel... ;-)) Ciao, Christoph -- --- Christoph Seibert [EMAIL PROTECTED] --- -- Farlon Dragon -==(UDIC)==- http://home.pages.de/~seibert/ -- - Who can possibly rule if no one - - who wants to can be allowed to? - D. Adams, HHGTTG - -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
