[prev in list] [next in list] [prev in thread] [next in thread]
List: velocity-dev
Subject: [jira] [Commented] (VELTOOLS-197) xmlTool.find("./text()") (XPATH) not the same as xmlTool.getText (
From: "Michael Osipov (Jira)" <dev () velocity ! apache ! org>
Date: 2023-03-23 15:04:00
Message-ID: JIRA.13485843.1665567758000.183270.1679583840108 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/VELTOOLS-197?page=com.atlassian.jira.plugi \
n.system.issuetabpanels:comment-tabpanel&focusedCommentId=17704189#comment-17704189 ] \
Michael Osipov commented on VELTOOLS-197:
-----------------------------------------
I absolutely agree on the trim. Violates POLA.
> xmlTool.find("./text()") (XPATH) not the same as xmlTool.getText () (METHOD) when & \
> in text
> -------------------------------------------------------------------------------------------
>
> Key: VELTOOLS-197
> URL: https://issues.apache.org/jira/browse/VELTOOLS-197
> Project: Velocity Tools
> Issue Type: Bug
> Components: GenericTools
> Affects Versions: 3.1
> Reporter: steven van vlierberghe
> Priority: Major
>
> #foreach ($item2 in $xmlf1.find("/input/rep/x"))
> xpath: ${item2.find("./text()")} xml: $item2.getText()
> #end
> with $xmlf1 an XmlTool instance initialized on the following inputfile:
> {code:java}
> <input>
> <rep>
> <x>R&R</x>
> <x>R&B</x>
> </rep>
> </input>
> {code}
> using VeloctityTools-XmlTool 2.0 : find("./text()") returns same as getText() \
> for an xmlTool instance (and complying with the expectation) {code:java}
> xpath: R&R xml: R&R
> xpath: R&B xml: R&B
> {code}
> However, using XmlTool 3.1, the xpath construct does not return the same as the \
> getText, so the xpath does not comply with expectation
> {code:java}
> xpath: R&R xml: R&R
> xpath: R&B xml: R&B
> {code}
>
> PS:
> it can be solved in 3.1, by replacing $item2.find("./text()") by \
> $item2.find("./text()").node().getNodeValue() BUT
> this really requires to adapt the script
> the actual problem is that I give support in our software to users for running \
> their own Velocity scripts in our software. In the next version of our software, we \
> upgraded Velocity + VelocityTools to 3.1 and as a consequence, scripts of the \
> users might break; meaning, this regression issue will impose our users to have \
> to adapt their scripts that are used in production and for sure, they will not be \
> happy having to do so
> PS2: also have the impression that plainly rendering $item2.find("./text()") as \
> String also looses leading and trailing white space
> PS: the actual reason for upgrading VelocityTools (2.0 > 3.1) is that VeraCode \
> flags the 2.0-related velocity libraries having vulnerabilities (and also dependent \
> libraries like common- beanutils); these vulnerabilities have been solved in 3.1. \
> Because there are (to us important) regression issues with upgrading the velocity \
> stuff, we cannot upgrade and therefor remain stuck with flagged vulnerabilities in \
> our software.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic