[Yanel-commits] rev 50167 -
public/yanel/trunk/src/contributions/resources/search/src/java/org/wyona/yanel/impl/resources/search
memo at wyona.com
memo at wyona.com
Thu Jun 3 16:02:48 CEST 2010
Author: memo
Date: 2010-06-03 16:02:48 +0200 (Thu, 03 Jun 2010)
New Revision: 50167
Modified:
public/yanel/trunk/src/contributions/resources/search/src/java/org/wyona/yanel/impl/resources/search/SearchResource.java
Log:
XML escaping for query string added
Modified: public/yanel/trunk/src/contributions/resources/search/src/java/org/wyona/yanel/impl/resources/search/SearchResource.java
===================================================================
--- public/yanel/trunk/src/contributions/resources/search/src/java/org/wyona/yanel/impl/resources/search/SearchResource.java 2010-06-03 13:59:55 UTC (rev 50166)
+++ public/yanel/trunk/src/contributions/resources/search/src/java/org/wyona/yanel/impl/resources/search/SearchResource.java 2010-06-03 14:02:48 UTC (rev 50167)
@@ -17,6 +17,7 @@
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationUtil;
+import org.apache.commons.lang.StringEscapeUtils;
/**
* Search resource
@@ -75,7 +76,7 @@
String query = getRequest().getParameter(QUERY_NAME);
if (query != null && query.length() > 0) {
- sb.append("<y:query>" + query + "</y:query>");
+ sb.append("<y:query>" + StringEscapeUtils.escapeXml(query) + "</y:query>");
try {
Result[] results;
if (provider.equals(DEFAULT_PROVIDER)) {
@@ -97,7 +98,7 @@
sb.append("<y:result url=\"" + results[i].getURL() + "\">");
if (results[i].getTitle() != null) {
log.debug("Title: " + results[i].getTitle());
- sb.append(" <y:title>" + org.apache.commons.lang.StringEscapeUtils.escapeXml(results[i].getTitle()) + "</y:title>");
+ sb.append(" <y:title>" + StringEscapeUtils.escapeXml(results[i].getTitle()) + "</y:title>");
} else {
sb.append(" <y:no-title/>");
}
More information about the Yanel-commits
mailing list