From 1ffefcb5487701c2920c1fb1073d694d2783c783 Mon Sep 17 00:00:00 2001
From: Juergen Hoeller <jhoeller@vmware.com>
Date: Fri, 26 Sep 2014 21:47:21 +0200
Subject: [PATCH] LiveBeansView escapes double quotes in resource descriptions

Issue: SPR-12252
(cherry picked from commit 92f7121)
---
 .../context/support/LiveBeansView.java        | 32 +++++++++++++++++--
 1 file changed, 29 insertions(+), 3 deletions(-)

diff --git a/spring-context/src/main/java/org/springframework/context/support/LiveBeansView.java b/spring-context/src/main/java/org/springframework/context/support/LiveBeansView.java
index 43089a8956d..7c7bb1eeaf7 100644
--- a/spring-context/src/main/java/org/springframework/context/support/LiveBeansView.java
+++ b/spring-context/src/main/java/org/springframework/context/support/LiveBeansView.java
@@ -175,8 +175,7 @@ public class LiveBeansView implements LiveBeansViewMBean, ApplicationContextAwar
 					else {
 						result.append("\"type\": null,\n");
 					}
-					String resource = StringUtils.replace(bd.getResourceDescription(), "\\", "/");
-					result.append("\"resource\": \"").append(resource).append("\",\n");
+					result.append("\"resource\": \"").append(getEscapedResourceDescription(bd)).append("\",\n");
 					result.append("\"dependencies\": [");
 					String[] dependencies = bf.getDependenciesForBean(beanName);
 					if (dependencies.length > 0) {
@@ -201,7 +200,7 @@ public class LiveBeansView implements LiveBeansViewMBean, ApplicationContextAwar
 	}
 
 	/**
-	 * Determine whether the specified bean  is eligible for inclusion in the
+	 * Determine whether the specified bean is eligible for inclusion in the
 	 * LiveBeansView JSON snapshot.
 	 * @param beanName the name of the bean
 	 * @param bd the corresponding bean definition
@@ -213,4 +212,31 @@ public class LiveBeansView implements LiveBeansViewMBean, ApplicationContextAwar
 				(!bd.isLazyInit() || bf.containsSingleton(beanName)));
 	}
 
+	/**
+	 * Determine a resource description for the given bean definition and
+	 * apply basic JSON escaping (backslashes, double quotes) to it.
+	 * @param bd the bean definition to build the resource description for
+	 * @return the JSON-escaped resource description
+	 */
+	protected String getEscapedResourceDescription(BeanDefinition bd) {
+		String resourceDescription = bd.getResourceDescription();
+		if (resourceDescription == null) {
+			return null;
+		}
+		StringBuilder result = new StringBuilder(resourceDescription.length() + 16);
+		for (int i = 0; i < resourceDescription.length(); i++) {
+			char character = resourceDescription.charAt(i);
+			if (character == '\\') {
+				result.append('/');
+			}
+			else if (character == '"') {
+				result.append("\\").append('"');
+			}
+			else {
+				result.append(character);
+			}
+		}
+		return result.toString();
+	}
+
 }