0

I am writing a Spring controller that will be acting as an event subscriber for a 3rd party platform that we do not have any control over. When content is created or updated in that platform, it will send a POST request to a callback URL we specify. That request will contain information about what has changed, including the body of that content. For this endpoint, we only care about a small subset of the fields, but for some reason when the controller is receiving the body of the request, the escaped HTML characters from the body are breaking the whole document, which in turn breaks the XML parser.

The simplified controller class I have created is as follows:

@RestController
public class Controller {

  @PostMapping(path = "/listenerOne")
  public ResponseEntity<String> listenerOne(
      @RequestParam(name = "event.type") final String eventType,
      @RequestParam(name = "message", required = false) final String xmlPayload) {
    return ResponseEntity.ok().body(xmlPayload);
  }

  @PostMapping(path = "/listenerTwo", consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE})
  public ResponseEntity<String> listenerTwo(@RequestBody final MultiValueMap<String, String> messageEvent) {
    return ResponseEntity.ok().body(messageEvent.toString());
  }

}

message-event.xml is a sample of the request parameter captured from a log message.

<message type="message" href="/messages/id/1313133">
    <body type="string">&lt;P&gt;Test body&lt;/P&gt;</body>
    <subject type="string">Test message</subject>
    <id type="int">1313133</id>
</message>

curl -XPOST localhost:8080/listenerOne -d "event.type=MessageUpdate&message=$(cat message-event.xml)"
<message type="message" href="/messages/id/1313133">
    <body type="string">%

curl -XPOST localhost:8080/listenerTwo -d "event.type=MessageUpdate&message=$(cat message-event.xml)"
{event.type=[MessageUpdate], message=[<message type="message" href="/messages/id/1313133">
    <body type="string">], lt;P=[], gt;Test body=[], lt;/P=[], gt;</body>
    <subject type=["string">Test message</subject>
    <id type="int">1313133</id>
</message>]}%

As you can see, everything after <body type="string"> is being removed. Any ideas on why this is splitting the request body/parameters?

Steven Spasbo
  • 647
  • 7
  • 18

1 Answers1

0

You need to either encode HTML content or probably more appropriate solution is to use CDATA formatting in xml Here is a question that gives your detailed answer: Is it possible to insert HTML content in XML document?

Michael Gantman
  • 7,315
  • 2
  • 19
  • 36