Merge pull request #5465 from eclipse-ee4j/mojarra_issue_5464

Fix XML escaping when writing attributes

impl/src/main/java/com/sun/faces/util/HtmlUtils.java

@@ -217,6 +217,10 @@ static public void writeAttribute(Writer out, boolean escapeUnicode, boolean esc
                         // UNICODE entities: encode as needed
                         buffIndex = _writeDecRef(out, buff, buffIndex, buffLength, ch);
                     } else {
+                        if (forXml && !isAllowedXmlCharacter(ch)) {
+                            continue;
+                        }
+
                         buffIndex = addToBuffer(out, buff, buffIndex, buffLength, ch);
                     }
                 }
@@ -302,6 +306,10 @@ static public void writeAttribute(Writer out, boolean escapeUnicode, boolean esc
                     // UNICODE entities: encode as needed
                     buffIndex = _writeDecRef(out, buff, buffIndex, buffLength, ch);
                 } else {
+                    if (forXml && !isAllowedXmlCharacter(ch)) {
+                        continue;
+                    }
+
                     buffIndex = addToBuffer(out, buff, buffIndex, buffLength, ch);
                 }
             }
@@ -316,6 +324,11 @@ static private boolean isPrintableControlChar(int ch, boolean forXml) {
 
     }
 
+    public static boolean isAllowedXmlCharacter(int ch) {
+        // See https://www.w3.org/TR/xml/#charsets Character Range
+        return ch < 0x20 ? isPrintableControlChar(ch, true) : ch <= 0xD7FF || ch >= 0xE000 && ch <= 0xFFFD; 
+    }
+
     /**
      * Writes a character as a decimal escape. Hex escapes are smaller than the decimal version, but Netscape didn't support
      * hex escapes until 4.7.4.
@@ -550,8 +563,7 @@ static public void writeUnescapedTextForXML(Writer out, String text) throws IOEx
         for (int i = 0; i < length; i++) {
             final char ch = text.charAt(i);
 
-            if (ch < 0x20 ? isPrintableControlChar(ch, true) : ch <= 0xD7FF || ch >= 0xE000 && ch <= 0xFFFD) {
-                // Only those chars are allowed in XML. https://www.w3.org/TR/xml/#charsets Character Range
+            if (isAllowedXmlCharacter(ch)) {
                 out.write(ch);
             }
         }

impl/src/test/java/com/sun/faces/util/HtmlUtilsTest.java

@@ -0,0 +1,48 @@
+package com.sun.faces.util;
+
+import static com.sun.faces.util.HtmlUtils.isAllowedXmlCharacter;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.junit.jupiter.api.Test;
+
+class HtmlUtilsTest {
+
+    /**
+     * https://github.com/eclipse-ee4j/mojarra/issues/4516
+     * https://github.com/eclipse-ee4j/mojarra/issues/5464
+     */
+    @Test
+    void testAllowedXmlCharacter() {
+        for (int c = 0x0000; c <= 0x0008; c++) {
+            assertFalse(isAllowedXmlCharacter(c));
+        }
+
+        assertTrue(isAllowedXmlCharacter(0x0009));
+        assertTrue(isAllowedXmlCharacter(0x000A));
+
+        assertFalse(isAllowedXmlCharacter(0x000B));
+        assertFalse(isAllowedXmlCharacter(0x000C));
+
+        assertTrue(isAllowedXmlCharacter(0x000D));
+
+        for (int c = 0x000E; c <= 0x0019; c++) {
+            assertFalse(isAllowedXmlCharacter(c));
+        }
+
+        for (int c = 0x0020; c <= 0xD7FF; c++) {
+            assertTrue(isAllowedXmlCharacter(c));
+        }
+
+        for (int c = 0xD800; c <= 0xDFFF; c++) {
+            assertFalse(isAllowedXmlCharacter(c));
+        }
+
+        for (int c = 0xE000; c <= 0xFFFD; c++) {
+            assertTrue(isAllowedXmlCharacter(c));
+        }
+
+        assertFalse(isAllowedXmlCharacter(0xFFFE));
+        assertFalse(isAllowedXmlCharacter(0xFFFF));
+    }
+}