You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by mg...@apache.org on 2022/08/16 09:16:18 UTC

[wicket] branch wicket-6993-escape-attributes created (now 25527239d8)

This is an automated email from the ASF dual-hosted git repository.

mgrigorov pushed a change to branch wicket-6993-escape-attributes
in repository https://gitbox.apache.org/repos/asf/wicket.git


      at 25527239d8 WICKET-6993: Improve escape/unescape of url attributes (style & variation)

This branch includes the following new commits:

     new 25527239d8 WICKET-6993: Improve escape/unescape of url attributes (style & variation)

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[wicket] 01/01: WICKET-6993: Improve escape/unescape of url attributes (style & variation)

Posted by mg...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

mgrigorov pushed a commit to branch wicket-6993-escape-attributes
in repository https://gitbox.apache.org/repos/asf/wicket.git

commit 25527239d82143e1983658236a997c371a80b381
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
AuthorDate: Tue Aug 16 12:12:38 2022 +0300

    WICKET-6993: Improve escape/unescape of url attributes (style & variation)
    
    There are still failing tests when `--` is used in an attribute.
    The problem is that it is encoded `~~' which later is decoded as '~'.
    I don't see any solution here. Whatever scheme we choose for encoding
    one can always break it.
    The only solution I see is to forbid '--' in attributes, i.e. throw a
    RuntimeException.
    
    Signed-off-by: Martin Tzvetanov Grigorov <mg...@apache.org>
---
 .../org/apache/wicket/resource/ResourceUtil.java   | 57 +++++++++++++++++++---
 .../apache/wicket/resource/ResourceUtilTest.java   | 15 ++++++
 2 files changed, 65 insertions(+), 7 deletions(-)

diff --git a/wicket-core/src/main/java/org/apache/wicket/resource/ResourceUtil.java b/wicket-core/src/main/java/org/apache/wicket/resource/ResourceUtil.java
index 28ed7e2562..a217da031b 100644
--- a/wicket-core/src/main/java/org/apache/wicket/resource/ResourceUtil.java
+++ b/wicket-core/src/main/java/org/apache/wicket/resource/ResourceUtil.java
@@ -38,9 +38,6 @@ import org.apache.wicket.util.string.Strings;
  */
 public class ResourceUtil
 {
-
-	private static final Pattern ESCAPED_ATTRIBUTE_PATTERN = Pattern.compile("(\\w)~(\\w)");
-
 	/**
 	 * Reads resource reference attributes (style, locale, variation) encoded in the given string.
 	 * 
@@ -174,8 +171,33 @@ public class ResourceUtil
 	 */
 	public static CharSequence escapeAttributesSeparator(String attribute)
 	{
-		CharSequence tmp = Strings.replaceAll(attribute, "~", "~~");
-		return Strings.replaceAll(tmp, "-", "~");
+		int len = attribute.length();
+		StringBuilder result = new StringBuilder(len + 4);
+		for (int i = 0; i < len; i++)
+		{
+			char c = attribute.charAt(i);
+			if (c == '-')
+			{
+				if (i + 1 < len && attribute.charAt(i + 1) == '-')
+				{
+					result.append("~~~~");
+					i++;
+				}
+				else
+				{
+					result.append('~');
+				}
+			}
+			else if (c == '~')
+			{
+				result.append("~~");
+			}
+			else
+			{
+				result.append(c);
+			}
+		}
+		return result;
 	}
 
 	/**
@@ -277,8 +299,29 @@ public class ResourceUtil
 	 */
 	public static String unescapeAttributesSeparator(String attribute)
 	{
-		String tmp = ESCAPED_ATTRIBUTE_PATTERN.matcher(attribute).replaceAll("$1-$2");
-		return Strings.replaceAll(tmp, "~~", "~").toString();
+		int len = attribute.length();
+		StringBuilder result = new StringBuilder(len);
+		for (int i = 0; i < len; i++)
+		{
+			char c = attribute.charAt(i);
+			if (c == '~')
+			{
+				if (i + 1 < len && attribute.charAt(i + 1) == '~')
+				{
+					result.append('~');
+					i++;
+				}
+				else
+				{
+					result.append('-');
+				}
+			}
+			else
+			{
+				result.append(c);
+			}
+		}
+		return result.toString();
 	}
 
 	private ResourceUtil()
diff --git a/wicket-core/src/test/java/org/apache/wicket/resource/ResourceUtilTest.java b/wicket-core/src/test/java/org/apache/wicket/resource/ResourceUtilTest.java
index 92b84bac25..8cb86db62a 100644
--- a/wicket-core/src/test/java/org/apache/wicket/resource/ResourceUtilTest.java
+++ b/wicket-core/src/test/java/org/apache/wicket/resource/ResourceUtilTest.java
@@ -25,6 +25,8 @@ import org.apache.wicket.request.Url;
 import org.apache.wicket.request.resource.ResourceReference;
 import org.apache.wicket.request.resource.ResourceReference.UrlAttributes;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.Mockito;
 
 class ResourceUtilTest
@@ -134,4 +136,17 @@ class ResourceUtilTest
 		
 		assertEquals(urlString + "?--variation", url.toString());
 	}
+
+	@ParameterizedTest
+	@ValueSource(strings = {"double--separator", "single-e-inside", "single~e~inside", "-", "--", "~", "~~"})
+	void encodeAndDecodeVariationShouldBeEqual(String variation) throws Exception
+	{
+		UrlAttributes attributes = new UrlAttributes(null, null, variation);
+		String encoded = ResourceUtil.encodeResourceReferenceAttributes(attributes);
+		System.err.println("Encoded: " + encoded);
+
+		attributes = ResourceUtil.decodeResourceReferenceAttributes(encoded);
+
+		assertEquals(variation, attributes.getVariation());
+	}
 }