From 2d7fac3168177ece14d4a370a5fce5eefde1a709 Mon Sep 17 00:00:00 2001
From: Maxim Nesen
Date: Thu, 23 May 2019 09:57:28 +0200
Subject: [PATCH] Fix ValidationErrorMessageBodyWriter
Signed-off-by: Maxim Nesen
---
 .../ValidationErrorMessageBodyWriter.java | 28 ++++++++++++-------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/ext/bean-validation/src/main/java/org/glassfish/jersey/server/validation/internal/ValidationErrorMessageBodyWriter.java b/ext/bean-validation/src/main/java/org/glassfish/jersey/server/validation/internal/ValidationErrorMessageBodyWriter.java
index 63832465e8..84e2a00c05 100644
--- a/ext/bean-validation/src/main/java/org/glassfish/jersey/server/validation/internal/ValidationErrorMessageBodyWriter.java
+++ b/ext/bean-validation/src/main/java/org/glassfish/jersey/server/validation/internal/ValidationErrorMessageBodyWriter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2018 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019 Oracle and/or its affiliates. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
@@ -48,19 +48,17 @@ public boolean isWriteable(final Class type,
 return isSupportedMediaType(mediaType) && isSupportedType(type, genericType);
 }
- private boolean isSupportedType(final Class type, final Type genericType) {
+ private static boolean isSupportedType(final Class type, final Type genericType) {
 if (ValidationError.class.isAssignableFrom(type)) {
 return true;
- } else if (Collection.class.isAssignableFrom(type)) {
- if (genericType instanceof ParameterizedType) {
- return ValidationError.class
- .isAssignableFrom((Class) ((ParameterizedType) genericType).getActualTypeArguments()[0]);
- }
+ } else if (Collection.class.isAssignableFrom(type) && (genericType instanceof ParameterizedType)) {
+ return ValidationError.class
+ .isAssignableFrom((Class) ((ParameterizedType) genericType).getActualTypeArguments()[0]);
 }
 return false;
 }
- private boolean isSupportedMediaType(final MediaType mediaType) {
+ private static boolean isSupportedMediaType(final MediaType mediaType) {
 return MediaType.TEXT_HTML_TYPE.equals(mediaType) || MediaType.TEXT_PLAIN_TYPE.equals(mediaType);
 }
@@ -118,7 +116,9 @@ public void writeTo(final Object entity,
 // Invalid value.
 builder.append(isPlain ? "invalidValue = " : ("invalidValue = "));
- builder.append(isPlain ? error.getInvalidValue() : (error.getInvalidValue() + ""));
+ builder.append(isPlain ? error.getInvalidValue()
+ : escapeHtml(error.getInvalidValue()).concat("")
+ );
 builder.append(')');
@@ -137,4 +137,12 @@ public void writeTo(final Object entity,
 entityStream.write(builder.toString().getBytes(MessageUtils.getCharset(mediaType)));
 entityStream.flush();
 }
-}
+
+ private static final String escapeHtml(String origin) {
+ return origin == null ? ""
+ : origin.replaceAll("&", "&")
+ .replaceAll("\"", """)
+ .replaceAll("<", "<")
+ .replaceAll(">", ">");
+ }
+}
\ No newline at end of file
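Review bot: In the `@@ -48,19 +48,17 @@` hunk, the merged `else if` branch of `isSupportedType` still casts `getActualTypeArguments()[0]` to `Class` without checking it, so a wildcard or type-variable argument (for example `Collection<? extends ValidationError>`) would throw `ClassCastException` out of `isWriteable` instead of returning false. Guarding the cast keeps writer selection from failing on an unexpected entity type: `final Type arg = ((ParameterizedType) genericType).getActualTypeArguments()[0];` followed by `return arg instanceof Class && ValidationError.class.isAssignableFrom((Class<?>) arg);`. The unchecked cast predates this commit, but the branch is being rewritten here anyway.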
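Review bot: Only `invalidValue` is passed through `escapeHtml` in the `@@ -118,7 +116,9 @@` hunk of `writeTo`; the rest of the method lies outside the hunk, so if it appends other `ValidationError` fields (such as `getMessage()` or `getPath()`) to the `text/html` output the same way, those stay unescaped and can still carry request-derived text into the page. Every value written in the non-plain branch should go through the same helper, e.g. `escapeHtml(error.getMessage())`. The two branches also now differ for a null value: the plain branch appends the literal `null` while the HTML branch appends an empty string, so a short comment saying which is intended would help. The commit touches one file and adds no test; a regression test that renders a value containing markup as `text/html` and asserts that it comes out entity-encoded would pin the fix.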
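Review bot: `escapeHtml` in the `@@ -137,4 +137,12 @@` hunk uses `replaceAll`, which treats each literal as a regular expression on every call where `String.replace` performs the same literal substitution, and it leaves the single quote unescaped, which matters as soon as a value is placed inside a single-quoted attribute. As rendered on this page the replacement strings look identical to the patterns, presumably because the page decoded the entities; the committed code needs the entity forms `&amp;`, `&quot;`, `&lt;` and `&gt;`, with `&` replaced first as it is here. `final` on a private static method is redundant, and the helper has no Javadoc stating that it escapes text for HTML element or attribute content and maps null to an empty string. A version with those changes follows.

```java
    /**
     * Escapes text for inclusion in HTML element content or a quoted attribute value.
     *
     * @param origin text to escape, may be {@code null}.
     * @return escaped text, or an empty string when {@code origin} is {@code null}.
     */
    private static String escapeHtml(final String origin) {
        // '&' must be replaced first so that the entities produced below are not escaped again.
        return origin == null ? ""
                : origin.replace("&", "&amp;")
                        .replace("\"", "&quot;")
                        .replace("'", "&#39;")
                        .replace("<", "&lt;")
                        .replace(">", "&gt;");
    }
```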