[Pcgen-github] [PCGen/pcgen] 1dc4cd: Drop spring-web dependency, replace HtmlUtils with...

[Vest <no...@gi...>]

  Branch: refs/heads/master
  Home:   https://github.com/PCGen/pcgen
  Commit: 1dc4cd319655984d50879f5b4e819887f4748566
      https://github.com/PCGen/pcgen/commit/1dc4cd319655984d50879f5b4e819887f4748566
  Author: Vest <Ve...@us...>
  Date:   2026-06-03 (Wed, 03 Jun 2026)

  Changed paths:
    M build.gradle
    M code/src/java/module-info.java
    M code/src/java/pcgen/cdom/helper/AllowUtilities.java
    A code/src/utest/pcgen/cdom/helper/AllowUtilitiesTest.java

  Log Message:
  -----------
  Drop spring-web dependency, replace HtmlUtils with local helper (#7577)

spring-web was used in exactly one place: HtmlUtils.htmlEscape in
AllowUtilities.getAllowInfo. Removing it shrinks the runtime classpath
and the desktop-app dep tree (Spring Framework in a desktop app is
optimization item #24).

Changes:
- build.gradle: drop spring-web; introduce spring-framework-bom so
  spring-beans/spring-core are version-aligned (BOM groundwork from
  optimization item #4).
- module-info.java: remove `requires spring.web`.
- AllowUtilities: add a private htmlEscape that escapes only `&` and
  `<`, the only chars that can change HTML structure in element
  content. `>`, `"`, `'` are deliberately left alone — `>` is harmless
  in element content, and `"`/`'` only matter inside attribute values
  (this output is element content, never an attribute).

An audit of all INFO: token values across the bundled LST data
(~14k entries in 6.3k files) found zero occurrences of `<` or `>`
and only PCGen's own &nl; macro for `&`, so in practice the escape is
defensive: it protects against future content authors who introduce
literal `&` or `<` in INFO: text.

Unit tests added in AllowUtilitiesTest covering each escaped/unescaped
metacharacter, empty input, plain text, and unicode.



To unsubscribe from these emails, change your notification settings at https://github.com/PCGen/pcgen/settings/notifications