Re: [xwiki-devs] [xwiki-notifications] r29955 - platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx

On Jul 3, 2010, at 4:21 PM, sdumitriu (SVN) wrote: > Author: sdumitriu > Date: 2010-07-03 16:21:17 +0200 (Sat, 03 Jul 2010) > New Revision: 29955 > > Modified: > platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java > Log: > [misc] Improved URL escaping method > > Modified: platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java > =================================================================== > --- platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java 2010-07-03 12:50:27 UTC (rev 29954) > +++ platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java 2010-07-03 14:21:17 UTC (rev 29955) > @@ -20,6 +20,8 @@ > > package com.xpn.xwiki.plugin.skinx; > > +import java.io.UnsupportedEncodingException; > +import java.net.URLEncoder; > import java.util.Collections; > import java.util.HashMap; > import java.util.LinkedHashSet; > @@ -27,7 +29,6 @@ > import java.util.Set; > import java.util.Map.Entry; > > -import org.apache.commons.lang.StringUtils; > import org.apache.commons.logging.Log; > import org.apache.commons.logging.LogFactory; > > @@ -307,10 +308,11 @@ > protected String sanitize(String value) > { > String result = value; > - result = StringUtils.replace(result, "\"", "%22"); > - result = StringUtils.replace(result, "'", "%27"); > - result = StringUtils.replace(result, "<", "%3C"); > - result = StringUtils.replace(result, ">", "%3E"); > + try { > + result = URLEncoder.encode(value, "UTF-8"); > + } catch (UnsupportedEncodingException ex) { > + // Should never happen. > + } What if it happens (if the exception is there it means it can happen)? Shouldn't you at least log an error or warning that says the result is left as is without being encoded?