powered by Jive Software

Escaping HTML for RosterGroups and CustomStatus names

The latest download (1.4.0) has a bug fix (SMACK - 135) for escaping invalid characters in TO and FROM fields of any packets. Shouldn’'t this fix be expanded to escape invalid characters in RosterGroup names and CustomStatus names as well?

AFAIK, the XMPP spec does not really specify which are the valid set of characters for roster item names. Are you having any problem with the current implementation?


– Gato

If I set a group name containing chars like ‘’<’’ or ‘’>’’ it messes up the XML that is sent to my server. A simple fix in the toXML() method of the RosterPacket class can fix the problem (see “NEW CODE” comment):

public String toXML() {

StringBuffer buf = new StringBuffer();

buf.append("<item jid="").append(user).append(""");

if (name != null) {

buf.append(" name="").append(name).append(""");


if (itemType != null) {

buf.append(" subscription="").append(itemType).append(""");


if (itemStatus != null) {

buf.append(" ask="").append(itemStatus).append(""");



synchronized (groupNames) {

for (int i=0; i<groupNames.size(); i++) {

String groupName = (String)groupNames.get(i);


groupName = StringUtils.escapeForXML(groupName);






return buf.toString();


Thanks for the fix. I’'ll incorporate it for the next release.


– Gato

Great thanks!

I went ahead and fixed this one issue the other day, unified diffs attached (this also addresses some other potential problems, but includes the fix for RosterPacket).
escapeXML.smack.patch (6955 Bytes)

Hey Chris,

Cool. I’'ll take a look at your patch and let you know my feedback.


– Gato