[FIXED JENKINS-17309] Escape message texts that contain XML symbols.

jenkinsci · Aug 9, 2013 · 32bd28c · 32bd28c
1 parent 57f1143
commit 32bd28c
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/src/main/java/hudson/plugins/analysis/util/model/AbstractAnnotation.java b/src/main/java/hudson/plugins/analysis/util/model/AbstractAnnotation.java
@@ -6,6 +6,7 @@
 import java.util.Collections;
 
 import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.kohsuke.stapler.export.Exported;
 import org.kohsuke.stapler.export.ExportedBean;
@@ -92,7 +93,7 @@ public abstract class AbstractAnnotation implements FileAnnotation, Serializable
      */
     @edu.umd.cs.findbugs.annotations.SuppressWarnings("ST")
     public AbstractAnnotation(final String message, final int start, final int end, final String category, final String type) {
-        this.message = TreeString.of(StringUtils.strip(message));
+        this.message = TreeString.of(StringUtils.strip(StringEscapeUtils.escapeXml(message)));
         this.category = StringUtils.defaultString(category);
         this.type = StringUtils.defaultString(type);
 
@@ -223,6 +224,16 @@ public static Collection<FileAnnotation> intern(final Collection<FileAnnotation>
         return annotations;
     }
 
+    /**
+     * Sets the column position of this warning.
+     *
+     * @param column
+     *            the column of this warning
+     */
+    public void setColumnPosition(final int column) {
+        setColumnPosition(column, column);
+    }
+
     /**
      * Sets the column position of this warning.
      *

diff --git a/src/test/java/hudson/plugins/analysis/util/model/AbstractAnnotationTest.java b/src/test/java/hudson/plugins/analysis/util/model/AbstractAnnotationTest.java
@@ -39,6 +39,19 @@ public void testCompareTo() {
         verifyOrder(warnings, false);
     }
 
+    /**
+     * Verifies that the message contains escaped XML characters.
+     *
+     * @see <a href="http://issues.jenkins-ci.org/browse/JENKINS-17287">Issue 17287</a>
+     */
+    @Test
+    public void issue17287() {
+        Warning warning = new Warning(Priority.HIGH, "dereferencing pointer '<anonymous>' does break strict-aliasing rules",
+                0, 0, "category", "type");
+
+        assertEquals("Wrong message escaping", "dereferencing pointer &apos;&lt;anonymous&gt;&apos; does break strict-aliasing rules", warning.getMessage());
+    }
+
     private void verifyOrder(final List<AbstractAnnotation> warnings, final boolean isAscending) {
         int position = 0;
         for (AbstractAnnotation warning : warnings) {