diff options
| author | Tor Norbye <tnorbye@google.com> | 2012-09-18 18:08:37 -0700 |
|---|---|---|
| committer | Tor Norbye <tnorbye@google.com> | 2012-09-18 18:08:52 -0700 |
| commit | 454f0e05d3e202320b0cd7bc176360458e88658e (patch) | |
| tree | 0763e42a33ff136e89ed56a44fd38f51ec6a698b /common/src/com/android | |
| parent | 005c9879219df96beee1d1e28b82b3b0e19bc2ed (diff) | |
| download | sdk-454f0e05d3e202320b0cd7bc176360458e88658e.zip sdk-454f0e05d3e202320b0cd7bc176360458e88658e.tar.gz sdk-454f0e05d3e202320b0cd7bc176360458e88658e.tar.bz2 | |
37497: Templates should escape string literals in resource files
If the user enters an activity title like "Android's Tools" in the new
template wizard, an invalid strings.xml file is generated, since the
apostrophe is not properly escaped.
To fix this, there's a new string conversion method in the template
engine, "escapeXmlString", which will perform all the necessary
conversions.
It also adds two other XML escaping functions: one to escape text to
be suitable for XML attribute values, and one to be suitable for XML
text values.
Finally, when verifying this, I discovered that if I inserted
ampersands in the MasterDetail template, I ended up with errors in
various places there a filename was derived from the input string. To
help make this work better, there's also a new "extractLetters" method
which pulls all the characters out of a string (effectively stripping
whitespace and punctuation).
In addition to the above 4 new string conversion methods, the
templates have been updated to use them, and the template format
documentation updated.
Change-Id: I4d4e854ab78d63bc86b8eb0fb9d92246534615e7
Diffstat (limited to 'common/src/com/android')
| -rw-r--r-- | common/src/com/android/utils/XmlUtils.java | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/common/src/com/android/utils/XmlUtils.java b/common/src/com/android/utils/XmlUtils.java index 73e1d11..94b7405 100644 --- a/common/src/com/android/utils/XmlUtils.java +++ b/common/src/com/android/utils/XmlUtils.java @@ -182,6 +182,27 @@ public class XmlUtils { } /** + * Converts the given attribute value to an XML-text-safe value, meaning that + * less than and ampersand characters are escaped. + * + * @param textValue the text value to be escaped + * @return the escaped value + */ + @NonNull + public static String toXmlTextValue(@NonNull String textValue) { + for (int i = 0, n = textValue.length(); i < n; i++) { + char c = textValue.charAt(i); + if (c == '<' || c == '&') { + StringBuilder sb = new StringBuilder(2 * textValue.length()); + appendXmlTextValue(sb, textValue); + return sb.toString(); + } + } + + return textValue; + } + + /** * Appends text to the given {@link StringBuilder} and escapes it as required for a * DOM attribute node. * |