HADOOP-7093. Servlets should default to text/plain. Contributed by Todd Lipcon

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1058822 13f79535-47bb-0310-9956-ffa450edef68

Author: toddlipcon

CHANGES.txt

@@ -438,6 +438,8 @@ Release 0.22.0 - Unreleased
     HADOOP-7097. JAVA_LIBRARY_PATH missing base directory. (Noah Watkins via
     todd)
 
+    HADOOP-7093. Servlets should default to text/plain (todd)
+
 Release 0.21.1 - Unreleased
 
   IMPROVEMENTS

src/java/org/apache/hadoop/conf/ConfServlet.java

@@ -69,12 +69,12 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
     }
 
     if (FORMAT_XML.equals(format)) {
-      response.setContentType("text/xml");
+      response.setContentType("text/xml; charset=utf-8");
     } else if (FORMAT_JSON.equals(format)) {
-      response.setContentType("text/javascript");
+      response.setContentType("application/json; charset=utf-8");
     }
 
-    OutputStreamWriter out = new OutputStreamWriter(response.getOutputStream());
+    Writer out = response.getWriter();
     try {
       writeResponse(getConfFromContext(), out, format);
     } catch (BadFormatException bfe) {

src/java/org/apache/hadoop/http/HttpServer.java

@@ -739,8 +739,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
         return;
       }
 
-      PrintWriter out = new PrintWriter
-                    (HtmlQuoting.quoteOutputStream(response.getOutputStream()));
+      PrintWriter out = response.getWriter();
       ReflectionUtils.printThreadInfo(out, "");
       out.close();
       ReflectionUtils.logThreadInfo(LOG, "jsp requested", 1);      
@@ -858,12 +857,16 @@ public void doFilter(ServletRequest request,
       HttpServletResponse httpResponse = (HttpServletResponse) response;
 
       String mime = inferMimeType(request);
-      if (mime == null || mime.equals("text/html")) {
-        // no extension or HTML with unspecified encoding, we want to
+      if (mime == null) {
+        httpResponse.setContentType("text/plain; charset=utf-8");
+      } else if (mime.startsWith("text/html")) {
+        // HTML with unspecified encoding, we want to
         // force HTML with utf-8 encoding
         // This is to avoid the following security issue:
         // http://openmya.hacker.jp/hasegawa/security/utf7cs.html
         httpResponse.setContentType("text/html; charset=utf-8");
+      } else if (mime.startsWith("application/xml")) {
+        httpResponse.setContentType("text/xml; charset=utf-8");
       }
       chain.doFilter(quoted, httpResponse);
     }

src/java/org/apache/hadoop/metrics/MetricsServlet.java

@@ -112,17 +112,26 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
       return;
     }
 
-    PrintWriter out = new PrintWriter(response.getOutputStream());
     String format = request.getParameter("format");
     Collection<MetricsContext> allContexts = 
       ContextFactory.getFactory().getAllContexts();
     if ("json".equals(format)) {
-      // Uses Jetty's built-in JSON support to convert the map into JSON.
-      out.print(new JSON().toJSON(makeMap(allContexts)));
+      response.setContentType("application/json; charset=utf-8");
+      PrintWriter out = response.getWriter();
+      try {
+        // Uses Jetty's built-in JSON support to convert the map into JSON.
+        out.print(new JSON().toJSON(makeMap(allContexts)));
+      } finally {
+        out.close();
+      }
     } else {
-      printMap(out, makeMap(allContexts));
+      PrintWriter out = response.getWriter();
+      try {
+        printMap(out, makeMap(allContexts));
+      } finally {
+        out.close();
+      }
     }
-    out.close();
   }
 
   /**

src/test/core/org/apache/hadoop/http/TestHttpServer.java

@@ -19,6 +19,7 @@
 
 import java.io.IOException;
 import java.io.PrintStream;
+import java.io.PrintWriter;
 import java.net.URLConnection;
 import java.net.HttpURLConnection;
 import java.net.URL;
@@ -67,7 +68,7 @@ public static class EchoMapServlet extends HttpServlet {
     public void doGet(HttpServletRequest request, 
                       HttpServletResponse response
                       ) throws ServletException, IOException {
-      PrintStream out = new PrintStream(response.getOutputStream());
+      PrintWriter out = response.getWriter();
       Map<String, String[]> params = request.getParameterMap();
       SortedSet<String> keys = new TreeSet(params.keySet());
       for(String key: keys) {
@@ -94,7 +95,7 @@ public static class EchoServlet extends HttpServlet {
     public void doGet(HttpServletRequest request, 
                       HttpServletResponse response
                       ) throws ServletException, IOException {
-      PrintStream out = new PrintStream(response.getOutputStream());
+      PrintWriter out = response.getWriter();
       SortedSet<String> sortedKeys = new TreeSet();
       Enumeration<String> keys = request.getParameterNames();
       while(keys.hasMoreElements()) {
@@ -110,10 +111,25 @@ public void doGet(HttpServletRequest request,
     }    
   }
 
+  @SuppressWarnings("serial")
+  public static class HtmlContentServlet extends HttpServlet {
+    @SuppressWarnings("unchecked")
+    @Override
+    public void doGet(HttpServletRequest request, 
+                      HttpServletResponse response
+                      ) throws ServletException, IOException {
+      response.setContentType("text/html");
+      PrintWriter out = response.getWriter();
+      out.print("hello world");
+      out.close();
+    }
+  }
+
   @BeforeClass public static void setup() throws Exception {
     server = createTestServer();
     server.addServlet("echo", "/echo", EchoServlet.class);
     server.addServlet("echomap", "/echomap", EchoMapServlet.class);
+    server.addServlet("htmlcontent", "/htmlcontent", HtmlContentServlet.class);
     server.start();
     baseUrl = getServerURL(server);
   }
@@ -176,19 +192,33 @@ public void run() {
     assertEquals(200, conn.getResponseCode());
     assertEquals("text/css", conn.getContentType());
 
-    // Servlets should have text/html with proper encoding
+    // Servlets should have text/plain with proper encoding by default
     URL servletUrl = new URL(baseUrl, "/echo?a=b");
     conn = (HttpURLConnection)servletUrl.openConnection();
     conn.connect();
     assertEquals(200, conn.getResponseCode());
-    assertEquals("text/html; charset=utf-8", conn.getContentType());
+    assertEquals("text/plain; charset=utf-8", conn.getContentType());
 
     // We should ignore parameters for mime types - ie a parameter
     // ending in .css should not change mime type
     servletUrl = new URL(baseUrl, "/echo?a=b.css");
     conn = (HttpURLConnection)servletUrl.openConnection();
     conn.connect();
     assertEquals(200, conn.getResponseCode());
+    assertEquals("text/plain; charset=utf-8", conn.getContentType());
+
+    // Servlets that specify text/html should get that content type
+    servletUrl = new URL(baseUrl, "/htmlcontent");
+    conn = (HttpURLConnection)servletUrl.openConnection();
+    conn.connect();
+    assertEquals(200, conn.getResponseCode());
+    assertEquals("text/html; charset=utf-8", conn.getContentType());
+
+    // JSPs should default to text/html with utf8
+    servletUrl = new URL(baseUrl, "/testjsp.jsp");
+    conn = (HttpURLConnection)servletUrl.openConnection();
+    conn.connect();
+    assertEquals(200, conn.getResponseCode());
     assertEquals("text/html; charset=utf-8", conn.getContentType());
   }
 

src/test/test-webapps/test/testjsp.jsp

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?><%!
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file 
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+%>
+<%@ page contentType="text/html; charset=UTF-8" %> 
+Hello world!