Skip to content

Commit 4dbf2e0

Browse files
stephen-webbstephen-webb
committed
Best practice suggests escaping greater than and less than characters in attribute data
1 parent d617f0c commit 4dbf2e0

File tree

4 files changed

+11
-43
lines changed

4 files changed

+11
-43
lines changed

src/main/cpp/htmllayout.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -127,7 +127,7 @@ void HTMLLayout::format(LogString& output,
127127
output.append(LOG4CXX_EOL);
128128

129129
output.append(LOG4CXX_STR("<td title=\""));
130-
Transform::appendEscapingQuote(output, event->getLoggerName());
130+
Transform::appendEscapingTags(output, event->getLoggerName());
131131
output.append(LOG4CXX_STR(" logger\">"));
132132
Transform::appendEscapingTags(output, event->getLoggerName());
133133
output.append(LOG4CXX_STR("</td>"));

src/main/cpp/transform.cpp

Lines changed: 0 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -129,28 +129,3 @@ void Transform::appendEscapingCDATA(
129129

130130
buf.append(input, start, input.length() - start);
131131
}
132-
133-
void Transform::appendEscapingQuote(
134-
LogString& buf, const LogString& input)
135-
{
136-
if (input.empty())
137-
return;
138-
logchar quote { 0x22 /* " */ };
139-
size_t start = 0;
140-
size_t index = input.find(quote, start);
141-
142-
while (index != input.npos)
143-
{
144-
if (start < index)
145-
buf.append(input, start, index - start);
146-
buf.append(LOG4CXX_STR("&quot;"));
147-
start = index + 1;
148-
if (start < input.size())
149-
index = input.find(quote, start);
150-
else
151-
index = input.npos;
152-
}
153-
154-
if (start < input.size())
155-
buf.append(input, start, input.size() - start);
156-
}

src/main/cpp/xmllayout.cpp

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -80,13 +80,13 @@ void XMLLayout::format(LogString& output,
8080
{
8181
output.reserve(m_priv->expectedPatternLength + event->getMessage().size());
8282
output.append(LOG4CXX_STR("<log4j:event logger=\""));
83-
Transform::appendEscapingQuote(output, event->getLoggerName());
83+
Transform::appendEscapingTags(output, event->getLoggerName());
8484
output.append(LOG4CXX_STR("\" timestamp=\""));
8585
StringHelper::toString(event->getTimeStamp() / 1000L, p, output);
8686
output.append(LOG4CXX_STR("\" level=\""));
87-
Transform::appendEscapingQuote(output, event->getLevel()->toString());
87+
Transform::appendEscapingTags(output, event->getLevel()->toString());
8888
output.append(LOG4CXX_STR("\" thread=\""));
89-
Transform::appendEscapingQuote(output, event->getThreadName());
89+
Transform::appendEscapingTags(output, event->getThreadName());
9090
output.append(LOG4CXX_STR("\">"));
9191
output.append(LOG4CXX_EOL);
9292

@@ -112,13 +112,13 @@ void XMLLayout::format(LogString& output,
112112
output.append(LOG4CXX_STR("<log4j:locationInfo class=\""));
113113
const LocationInfo& locInfo = event->getLocationInformation();
114114
LOG4CXX_DECODE_CHAR(className, locInfo.getClassName());
115-
Transform::appendEscapingQuote(output, className);
115+
Transform::appendEscapingTags(output, className);
116116
output.append(LOG4CXX_STR("\" method=\""));
117117
LOG4CXX_DECODE_CHAR(method, locInfo.getMethodName());
118-
Transform::appendEscapingQuote(output, method);
118+
Transform::appendEscapingTags(output, method);
119119
output.append(LOG4CXX_STR("\" file=\""));
120120
LOG4CXX_DECODE_CHAR(fileName, locInfo.getFileName());
121-
Transform::appendEscapingQuote(output, fileName);
121+
Transform::appendEscapingTags(output, fileName);
122122
output.append(LOG4CXX_STR("\" line=\""));
123123
StringHelper::toString(locInfo.getLineNumber(), p, output);
124124
output.append(LOG4CXX_STR("\"/>"));
@@ -142,9 +142,9 @@ void XMLLayout::format(LogString& output,
142142
if (event->getMDC(key, value))
143143
{
144144
output.append(LOG4CXX_STR("<log4j:data name=\""));
145-
Transform::appendEscapingQuote(output, key);
145+
Transform::appendEscapingTags(output, key);
146146
output.append(LOG4CXX_STR("\" value=\""));
147-
Transform::appendEscapingQuote(output, value);
147+
Transform::appendEscapingTags(output, value);
148148
output.append(LOG4CXX_STR("\"/>"));
149149
output.append(LOG4CXX_EOL);
150150
}
@@ -157,9 +157,9 @@ void XMLLayout::format(LogString& output,
157157
if (event->getProperty(key, value))
158158
{
159159
output.append(LOG4CXX_STR("<log4j:data name=\""));
160-
Transform::appendEscapingQuote(output, key);
160+
Transform::appendEscapingTags(output, key);
161161
output.append(LOG4CXX_STR("\" value=\""));
162-
Transform::appendEscapingQuote(output, value);
162+
Transform::appendEscapingTags(output, value);
163163
output.append(LOG4CXX_STR("\"/>"));
164164
output.append(LOG4CXX_EOL);
165165
}

src/main/include/log4cxx/helpers/transform.h

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -54,13 +54,6 @@ class LOG4CXX_EXPORT Transform
5454
*/
5555
static void appendEscapingCDATA(
5656
LogString& buf, const LogString& input);
57-
58-
/**
59-
* Add \c input to \c buf with double quote characters replaced with <b>&amp;quot;</b>.
60-
*
61-
* @param buf output stream holding the XML data to this point.
62-
*/
63-
static void appendEscapingQuote(LogString& buf, const LogString& input);
6457
}; // class Transform
6558
} // namespace helpers
6659
} //namespace log4cxx

0 commit comments

Comments
 (0)