On 07/03/2010 04:25 PM, Vincent Massol wrote:
On Jul 3, 2010, at 4:21 PM, sdumitriu (SVN) wrote:
> Author: sdumitriu
> Date: 2010-07-03 16:21:17 +0200 (Sat, 03 Jul 2010)
> New Revision: 29955
>
> Modified:
>
platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java
> Log:
> [misc] Improved URL escaping method
>
> Modified:
platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java
> ===================================================================
> ---
platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java 2010-07-03
12:50:27 UTC (rev 29954)
> +++
platform/xwiki-plugins/trunk/skinx/src/main/java/com/xpn/xwiki/plugin/skinx/AbstractSkinExtensionPlugin.java 2010-07-03
14:21:17 UTC (rev 29955)
> @@ -20,6 +20,8 @@
>
> package com.xpn.xwiki.plugin.skinx;
>
> +import java.io.UnsupportedEncodingException;
> +import java.net.URLEncoder;
> import java.util.Collections;
> import java.util.HashMap;
> import java.util.LinkedHashSet;
> @@ -27,7 +29,6 @@
> import java.util.Set;
> import java.util.Map.Entry;
>
> -import org.apache.commons.lang.StringUtils;
> import org.apache.commons.logging.Log;
> import org.apache.commons.logging.LogFactory;
>
> @@ -307,10 +308,11 @@
> protected String sanitize(String value)
> {
> String result = value;
> - result = StringUtils.replace(result, "\"", "%22");
> - result = StringUtils.replace(result, "'", "%27");
> - result = StringUtils.replace(result, "<", "%3C");
> - result = StringUtils.replace(result, ">", "%3E");
> + try {
> + result = URLEncoder.encode(value, "UTF-8");
> + } catch (UnsupportedEncodingException ex) {
> + // Should never happen.
> + }
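
Review bot: The empty catch block in sanitize() fails open: if URLEncoder.encode throws, result keeps the raw value from `String result = value;` and nothing is logged, so the caller gets unescaped input with no trace. Log the exception in the catch block and fall back to a safe value rather than the unencoded string. Also, `URLEncoder.encode(value, "UTF-8")` is not a drop-in replacement for the four removed StringUtils.replace calls: it applies form encoding, so a space becomes `+` and characters such as `/`, `?`, `&`, `=` and `:` are percent-encoded too. That changes the output for any caller passing a whole URL or path instead of a single parameter value, so check the call sites or document that sanitize() expects a single component.
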
What if it happens (if the exception is there it means it can happen)? Shouldn't you at least log an error or warning that says the result is left as is without being encoded?

You mean in case UTF-8 suddenly disappears from Java?

In case the JVM doesn't support that encoding indeed. Does it say anywhere that it always supports UTF8?