yawlfoundation / yawl

Yet Another Workflow Language
http://www.yawlfoundation.org
GNU Lesser General Public License v3.0

WorkItemRecord.toXML() returns invalid XML when taskName or documentation contains & #618

Closed mlawry closed 6 years ago

mlawry commented 6 years ago

This is similar to issue #614.

WorkItemRecord.java's toXML() method calls:

xml.append(StringUtil.wrap(_taskName, "taskname"));
xml.append(StringUtil.wrap(_documentation, "documentation"));

When _documentation contains '&' the output is invalid because it is not escaped as &amp;. Same goes for _taskName.

Maybe it should use StringUtil.wrapEscaped instead of StringUtil.wrap.

mlawry commented 6 years ago

Maybe all wrap calls in the WorkItemRecord.toXML() method should use StringUtil.wrapEscaped?

adamsmj commented 6 years ago

Fixed and in repo.

Most data is already escaped elsewhere; it is only necessary to do data members as required.
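
The behaviour discussed in this thread, as an added example that is not part of the original issue or YAWL's code: an unescaped '&' makes the wrapped element unparseable, escaping fixes it, and escaping a value that was already escaped elsewhere double-encodes it. The `wrap` and `wrapEscaped` methods below are hypothetical stand-ins written for this example (not the project's `StringUtil`), and the sample strings are constructed.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class WrapEscapeDemo {
    // Hypothetical stand-in: wraps the value in a tag with no escaping.
    static String wrap(String value, String tag) {
        return "<" + tag + ">" + value + "</" + tag + ">";
    }

    // Hypothetical stand-in: escapes markup characters first ('&' must be
    // replaced before '<' and '>' so the new entities are not re-escaped).
    static String wrapEscaped(String value, String tag) {
        String escaped = value.replace("&", "&amp;")
                              .replace("<", "&lt;")
                              .replace(">", "&gt;");
        return wrap(escaped, tag);
    }

    // Returns the element text a consumer would see, or null if the
    // fragment is not well-formed XML.
    static String parseText(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder b = f.newDocumentBuilder();
        b.setErrorHandler(new DefaultHandler()); // keep parse errors off stderr
        try {
            return b.parse(new InputSource(new StringReader(xml)))
                    .getDocumentElement().getTextContent();
        } catch (SAXException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        String raw = "Review R&D budget";            // constructed sample
        String preEscaped = "Review R&amp;D budget"; // constructed: escaped upstream
        String[][] cases = {
            {"raw, wrap", wrap(raw, "documentation")},
            {"raw, wrapEscaped", wrapEscaped(raw, "documentation")},
            {"pre-escaped, wrap", wrap(preEscaped, "documentation")},
            {"pre-escaped, wrapEscaped", wrapEscaped(preEscaped, "documentation")},
        };
        for (String[] c : cases) {
            System.out.println(c[0] + ": " + c[1] + " -> parsed text: " + parseText(c[1]));
        }
    }
}
```

The fourth case is why escaping has to happen exactly once per value: a consumer of the double-encoded element reads back the literal entity text rather than the original '&'.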