Uploaded image for project: 'logback'
  1. logback
  2. LOGBACK-440

XML/HTML tags haven't get escaped in HTMLLayout

    Details

    • Type: Bug
    • Status: In Progress
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.9.18
    • Fix Version/s: None
    • Component/s: logback-classic
    • Labels:
      None
    • Environment:

      Linux (Ubuntu), JavaSE 1.6

      Description

      View it here for a better looking: http://stackoverflow.com/questions/2069135/how-to-make-xml-get-escaped-in-htmllayout-of-logback

      I'm using logback (with slf4j) to do the logging, and I've got many XML content to be logged in both text files and HTML files (with HTMLLayout). However, logback just inserts the raw XML in the <TD> tags for the HTMLLayout, without any escaping or <pre> processing.

      Here is the snippet of my logback.xml:

      <appender name="ALL" class="ch.qos.logback.core.rolling.RollingFileAppender">
      <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
      <FileNamePattern>$

      {DIR_ALL}

      /%d

      {yyyy-MM-dd}

      .%i.html</FileNamePattern>
      <TimeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
      <MaxFileSize>500KB</MaxFileSize>
      </TimeBasedFileNamingAndTriggeringPolicy>
      </rollingPolicy>
      <layout class="ch.qos.logback.classic.html.HTMLLayout">
      <pattern>%d

      {HH:mm:ss.SSS}

      %logger

      {1}

      %msg</pattern>
      <cssBuilder class="ch.qos.logback.classic.html.UrlCssBuilder">
      <url>$

      {CSS_HREF}

      </url>
      </cssBuilder>
      <title>Logs (ALL)</title>
      </layout>

      And the following is what I got:

      <td class="Message">(DemoCall) parsing response failed. Details:
      <call><action>getmessage</action></call>
      </td>
      What I'm expecting:

      <td class="Message">(DemoCall) parsing response failed. Details:
      <call><action>getmessage</action></call>
      </td>

      Or better wrap the above message with a <pre> tag. Do I need to extend the HTMLLayout to archive that? Or is it my job to do a StringEscapeUtils.escapeHTML(msg) for each log statement (I'm not going to do that, since there also is a file appender for which the escaping is not needed).

      Thanks!

        Activity

        Hide
        xhh Xu Hui Hui added a comment -

        Anyone working on this?

        Show
        xhh Xu Hui Hui added a comment - Anyone working on this?
        Hide
        fractalizer Vladislav Rastrusny added a comment -

        Hey, guys?

        The bug is opened for a year already

        Show
        fractalizer Vladislav Rastrusny added a comment - Hey, guys? The bug is opened for a year already
        Hide
        cfairles Chris Fairles added a comment -

        Make that 2 years...

        Show
        cfairles Chris Fairles added a comment - Make that 2 years...
        Hide
        noreply.ceki@qos.ch Ceki Gulcu added a comment -

        Instead of html escaping all fields, how about only escaping the message field. If that is sufficient, logback already has hooks for adding custom converters. Teh HtmlEscapedMessageConverter shown below is a custom converter which html escapes the event message. Here is the code:

        package ch.qos.logback.classic.issue.lbclassic180;

        import ch.qos.logback.classic.pattern.ClassicConverter;
        import ch.qos.logback.classic.spi.ILoggingEvent;
        import ch.qos.logback.core.helpers.Transform;

        public class HtmlEscapedMessageConverter extends ClassicConverter {
        public String convert(ILoggingEvent event)

        { return Transform.escapeTags(event.getFormattedMessage()); }

        }

        In logback.xml config files, you can easily define a new conversion word to support HtmlEscapedMessageConverter. Here is a sample config:

        <configuration debug="true">
        <!-- define a new conversion rule -->
        <conversionRule conversionWord="htmlEscapedMessage"
        converterClass="ch.qos.logback.classic.issue.lbclassic180.HtmlEscapedMessageConverter"/>

        <appender name="CON" class="ch.qos.logback.core.ConsoleAppender">
        <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
        <layout class="ch.qos.logback.classic.html.HTMLLayout">
        <pattern>%d%logger%htmlEscapedMessage</pattern>
        </layout>
        </encoder>
        </appender>
        <root level="DEBUG">
        <appender-ref ref="CON"/>
        </root>
        </configuration>

        Show
        noreply.ceki@qos.ch Ceki Gulcu added a comment - Instead of html escaping all fields, how about only escaping the message field. If that is sufficient, logback already has hooks for adding custom converters. Teh HtmlEscapedMessageConverter shown below is a custom converter which html escapes the event message. Here is the code: package ch.qos.logback.classic.issue.lbclassic180; import ch.qos.logback.classic.pattern.ClassicConverter; import ch.qos.logback.classic.spi.ILoggingEvent; import ch.qos.logback.core.helpers.Transform; public class HtmlEscapedMessageConverter extends ClassicConverter { public String convert(ILoggingEvent event) { return Transform.escapeTags(event.getFormattedMessage()); } } In logback.xml config files, you can easily define a new conversion word to support HtmlEscapedMessageConverter. Here is a sample config: <configuration debug="true"> <!-- define a new conversion rule --> <conversionRule conversionWord="htmlEscapedMessage" converterClass="ch.qos.logback.classic.issue.lbclassic180.HtmlEscapedMessageConverter"/> <appender name="CON" class="ch.qos.logback.core.ConsoleAppender"> <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder"> <layout class="ch.qos.logback.classic.html.HTMLLayout"> <pattern>%d%logger%htmlEscapedMessage</pattern> </layout> </encoder> </appender> <root level="DEBUG"> <appender-ref ref="CON"/> </root> </configuration>
        Hide
        diroussel David Roussel added a comment -

        There is an escaping fix here: https://github.com/qos-ch/logback/pull/65

        Show
        diroussel David Roussel added a comment - There is an escaping fix here: https://github.com/qos-ch/logback/pull/65

          People

          • Assignee:
            noreply.ceki@qos.ch Ceki Gulcu
            Reporter:
            xhh Xu Hui Hui
          • Votes:
            3 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated: