Affects: 5.3.14 and earlier
If you want to load a DTD configuration file, <! -- Different positions from --> will affect the loading of spring.
If my profile is written like this:
<?xml version="1.0" encoding="UTF-8"?>
<!--
DOCTYPE --> <!-- -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
</beans>
Then, when Spring is used to load the configuration file, an exception will appear.
This is because there is a bug when determining the profile validation pattern.
In org.springframework.util.xml.XmlValidationModeDetector,Spring analyzes programs one line at a time.
However, each analysis focuses only on the first <!-- in each line. Spring will put <!-- The previous content is not considered as a comment.
Thus, the situation in the above example is ignored.
I think that can result in org.springframework.util.xml.XmlValidationModeDetector#consumeCommentTokens(String line) return to add the following code before:
@Nullable
private String consumeCommentTokens(String line) {
int indexOfStartComment = line.indexOf(START_COMMENT);
if (indexOfStartComment == -1 && !line.contains(END_COMMENT)) {
return line;
}
String result = "";
String currLine = line;
if (indexOfStartComment >= 0) {
result = line.substring(0, indexOfStartComment);
currLine = line.substring(indexOfStartComment);
}
while ((currLine = consume(currLine)) != null) {
if (!this.inComment && !currLine.trim().startsWith(START_COMMENT)) {
int index = result.indexOf(END_COMMENT);
if(index != -1) result = result.substring(index + END_COMMENT.length());
return result + currLine;
}
}
return null;
}
It can be removed in front of '-->'.
Comment From: sbrannen
This is closely related to:
-
23605
Thanks for raising the issue. We'll look into it.
Comment From: sbrannen
The proposed change results in a StringIndexOutOfBoundsException for an existing test in XmlValidationModeDetectorTests. So we'll investigate an alternative solution.
Comment From: shooye
The proposed change results in a
StringIndexOutOfBoundsExceptionfor an existing test inXmlValidationModeDetectorTests. So we'll investigate an alternative solution.
@sbrannen
Sorry, my carelessness caused StringIndexOutOfBoundsException.
I tried to modify the org.springframework.util.xml.XmlValidationModeDetector.Probably changed two or three methods:
I created 15 XML files and generated several random XML files using the program.
These files even contain the following extreme cases:
<!DOC<!-- comment -->TYPE beans PUBLIC "-//SPRING//DTD BEAN 2.0//EN" "https://www.springframework.org/dtd/spring-beans-2.0.dtd">
All files passed the test.
I package and upload the modified code and these test files.I hope my method can solve this problem.
Comment From: sbrannen
Hi @shooye,
Thanks for working on it and providing the ZIP file.
I took a look at it, and it appears to fix the issue; however, I noticed that you introduced a second boolean flag to track whether we're "in a comment", and I thought we would still only need a single flag for that.
In any case, the proper way to submit a fix is via a PR so that we can be sure you have signed the contributor agreement.
If you have time to submit a PR, that would be great. Otherwise, I will likely attempt to fix the issue myself.
Cheers,
Sam