Posted to commits@isis.apache.org by ah...@apache.org on 2022/10/10 13:52:32 UTC
[isis] branch master updated: ISIS-3240: CalendarEventSemantics: properly escape string content
This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push:
new 3422551246 ISIS-3240: CalendarEventSemantics: properly escape string content
3422551246 is described below
commit 342255124635013194f63c41a7639f979b3340e8
Author: Andi Huber <ah...@apache.org>
AuthorDate: Mon Oct 10 15:52:25 2022 +0200
ISIS-3240: CalendarEventSemantics: properly escape string content
- also fixes html escape utility (wrong order of characters to be
processed)
---
.../internal/base/_Strings_HtmlEscaper.java | 10 ++++-----
.../applib/value/CalendarEventSemantics.java | 24 +++++++++++++++++++---
2 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/commons/src/main/java/org/apache/isis/commons/internal/base/_Strings_HtmlEscaper.java b/commons/src/main/java/org/apache/isis/commons/internal/base/_Strings_HtmlEscaper.java
index b33a67ba29..bc873cb674 100644
--- a/commons/src/main/java/org/apache/isis/commons/internal/base/_Strings_HtmlEscaper.java
+++ b/commons/src/main/java/org/apache/isis/commons/internal/base/_Strings_HtmlEscaper.java
@@ -26,17 +26,17 @@ package org.apache.isis.commons.internal.base;
final class _Strings_HtmlEscaper {
// as declared int guava's com.google.common.html.HtmlEscapers
+ // order matters: replace '&' first
private static final _Strings.KeyValuePair[] replacements = {
- _Strings.pair("\"", """),
- // Note: "'" is not defined in HTML 4.01.
- _Strings.pair("'", "'"),
_Strings.pair("&", "&"),
_Strings.pair("<", "<"),
_Strings.pair(">", ">"),
-
+ _Strings.pair("\"", """),
+ // Note: "'" is not defined in HTML 4.01.
+ _Strings.pair("'", "'"),
};
- static String htmlEscape(String input) {
+ static String htmlEscape(final String input) {
if(_Strings.isEmpty(input)) {
return input;
}
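Review bot: Nothing in this commit pins the new ordering of `replacements`, so a later reshuffle of the array could silently bring back the double escaping this hunk fixes, where the `&` of an entity inserted earlier is escaped again. The added comment would help more if it gave the reason, e.g. `// order matters: '&' must be replaced first, otherwise the '&' of already inserted entities is escaped again`. A small regression test that escapes a string containing both a double quote and an ampersand, and checks that no entity is doubly escaped, would guard this; the diffstat lists no test file. The body of htmlEscape continues past the end of the hunk, so this assumes it applies the pairs sequentially in array order.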
diff --git a/extensions/vw/fullcalendar/applib/src/main/java/org/apache/isis/extensions/fullcalendar/applib/value/CalendarEventSemantics.java b/extensions/vw/fullcalendar/applib/src/main/java/org/apache/isis/extensions/fullcalendar/applib/value/CalendarEventSemantics.java
index 13a4747547..1b6640ac2b 100644
--- a/extensions/vw/fullcalendar/applib/src/main/java/org/apache/isis/extensions/fullcalendar/applib/value/CalendarEventSemantics.java
+++ b/extensions/vw/fullcalendar/applib/src/main/java/org/apache/isis/extensions/fullcalendar/applib/value/CalendarEventSemantics.java
@@ -133,12 +133,15 @@ implements
}
private final Can<String> htmlTemplate = _Text.readLinesFromResource(this.getClass(),
- "CalendarEvent.html", StandardCharsets.UTF_8);
+ "CalendarEvent.html", StandardCharsets.UTF_8)
+ .stream()
+ .skip(20)
+ .collect(Can.toCan());
@Override
public String htmlPresentation(final Context context, final CalendarEvent value) {
return renderHtml(value, v->{
- val html = new _StringInterpolation(toMap(context, value))
+ val html = new _StringInterpolation(toMapHtmlEscaped(context, value))
.applyTo(htmlTemplate)
.stream()
.collect(Collectors.joining());
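Review bot: `.skip(20)` in the `htmlTemplate` initializer is a magic number coupled to the layout of CalendarEvent.html; presumably it drops a header at the top of the resource (a license comment?), but nothing in the code says so. If the resource gains or loses a line, the template is either truncated or the header ends up in the rendered output, without any error. I would name and document the count, e.g. `private static final int TEMPLATE_HEADER_LINES = 20; // leading lines of CalendarEvent.html that are not part of the template`, or skip up to a marker line instead of counting. The lambda in htmlPresentation continues outside the hunk.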
@@ -146,7 +149,9 @@ implements
});
}
- private Map<String, @NonNull String> toMap(final Context context, final CalendarEvent v) {
+ private Map<String, @NonNull String> toMap(
+ final Context context,
+ final CalendarEvent v) {
return Map.of(
"title", v.getTitle(),
"calendar-name", v.getCalendarName(),
@@ -156,6 +161,19 @@ implements
"notes", _Strings.nullToEmpty(v.getNotes()));
}
+ private Map<String, @NonNull String> toMapHtmlEscaped(
+ final Context context,
+ final CalendarEvent v) {
+ return Map.of(
+ "title", _Strings.htmlEscape(v.getTitle()),
+ "calendar-name", _Strings.htmlEscape(v.getCalendarName()),
+ "timestamp", zonedDateTimeValueSemantics
+ .htmlPresentation(context,
+ v.asDateTime(context.getInteractionContext().getTimeZone())),
+ "notes", _Strings.htmlEscape(_Strings.nullToEmpty(v.getNotes())));
+ }
+
+
// -- EXAMPLES
@Override
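Review bot: `toMapHtmlEscaped` leaves the `timestamp` value unescaped while escaping the other three entries, and the reason is not stated; presumably `zonedDateTimeValueSemantics.htmlPresentation(...)` already returns HTML and escaping it again would corrupt it. A comment such as `// timestamp is already HTML (htmlPresentation), must not be escaped again` would keep someone from "fixing" it or from copying the pattern for a raw value. The escaping applied here is entity escaping, which suits element content and quoted attribute values; if CalendarEvent.html (not visible here) interpolates any of these placeholders into a URL, a script or an unquoted attribute, that context needs its own encoding. Since `toMap` stays in the class with raw values, a one-line Javadoc on it saying its output must not be interpolated into HTML would help as well.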