You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@deltaspike.apache.org by st...@apache.org on 2019/10/15 19:21:41 UTC

[deltaspike] branch master updated: DELTASPIKE-1389 further stricten dswid

This is an automated email from the ASF dual-hosted git repository.

struberg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/deltaspike.git


The following commit(s) were added to refs/heads/master by this push:
     new beae6e1  DELTASPIKE-1389 further stricten dswid
beae6e1 is described below

commit beae6e12f64e1a0066c3add17a4bfcca2ee0fb2c
Author: Mark Struberg <st...@apache.org>
AuthorDate: Tue Oct 15 21:21:14 2019 +0200

    DELTASPIKE-1389 further stricten dswid
---
 .../apache/deltaspike/core/util/StringUtils.java   | 35 ++++++++++++++++++++++
 .../deltaspike/test/api/util/StringUtilsTest.java  | 10 +++++++
 .../strategy/AbstractClientWindowStrategy.java     |  4 ++-
 3 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/util/StringUtils.java b/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/util/StringUtils.java
index 7f70385..61ebe12 100644
--- a/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/util/StringUtils.java
+++ b/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/util/StringUtils.java
@@ -40,4 +40,39 @@ public abstract class StringUtils
     {
         return !isEmpty(text);
     }
+
+    /**
+     * Remove any non-numeric, non-alphanumeric Characters in the given String
+     * @param val
+     * @return the original string but any non-numeric, non-alphanumeric is replaced with a '_'
+     */
+    public static String removeSpecialChars(String val)
+    {
+        if (val == null)
+        {
+            return null;
+        }
+
+        int len = val.length();
+        char[] newBuf = new char[len];
+        val.getChars(0, len, newBuf, 0);
+        for (int i = 0; i < len; i++)
+        {
+            char c = newBuf[i];
+            if (c >= 'a' && c <= 'z' ||
+                c >= 'A' && c <= 'Z' ||
+                c >= '0' && c <= '9' ||
+                c == '-' ||
+                c == '_')
+            {
+                continue;
+            }
+
+            // every other char gets replaced with '_'
+            newBuf[i] = '_';
+        }
+
+        return new String(newBuf);
+    }
+
 }
\ No newline at end of file
diff --git a/deltaspike/core/api/src/test/java/org/apache/deltaspike/test/api/util/StringUtilsTest.java b/deltaspike/core/api/src/test/java/org/apache/deltaspike/test/api/util/StringUtilsTest.java
index 883ce2d..b3c256e 100644
--- a/deltaspike/core/api/src/test/java/org/apache/deltaspike/test/api/util/StringUtilsTest.java
+++ b/deltaspike/core/api/src/test/java/org/apache/deltaspike/test/api/util/StringUtilsTest.java
@@ -32,4 +32,14 @@ public class StringUtilsTest
         Assert.assertTrue(StringUtils.isEmpty(" "));
         Assert.assertFalse(StringUtils.isEmpty(" a "));
     }
+
+    @Test
+    public void testRemoveSpecialChars() {
+        Assert.assertNull(StringUtils.removeSpecialChars(null));
+        Assert.assertEquals("abc_def", StringUtils.removeSpecialChars("abc def"));
+        Assert.assertEquals("a_c_def", StringUtils.removeSpecialChars("a_c def")); // not replace _
+        Assert.assertEquals("a-c_dex", StringUtils.removeSpecialChars("a-c dex")); // not replace -
+        Assert.assertEquals("a_c_def", StringUtils.removeSpecialChars("a\'c def"));
+        Assert.assertEquals("A_c_deX", StringUtils.removeSpecialChars("A#c deX"));
+    }
 }
\ No newline at end of file
diff --git a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/strategy/AbstractClientWindowStrategy.java b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/strategy/AbstractClientWindowStrategy.java
index dc621c1..a86495f 100644
--- a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/strategy/AbstractClientWindowStrategy.java
+++ b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/strategy/AbstractClientWindowStrategy.java
@@ -25,6 +25,8 @@ import javax.annotation.PostConstruct;
 import javax.faces.context.FacesContext;
 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
+
+import org.apache.deltaspike.core.util.StringUtils;
 import org.apache.deltaspike.jsf.api.config.JsfModuleConfig;
 import org.apache.deltaspike.jsf.impl.util.ClientWindowHelper;
 import org.apache.deltaspike.jsf.spi.scope.window.ClientWindow;
@@ -103,7 +105,7 @@ public abstract class AbstractClientWindowStrategy implements ClientWindow
      */
     protected String sanitiseWindowId(String windowId)
     {
-        return windowId.replace('(', '_').replace('<', '_').replace('&', '_');
+        return StringUtils.removeSpecialChars(windowId);
     }
 
     protected abstract String getOrCreateWindowId(FacesContext facesContext);