Posted to commits@abdera.apache.org by jm...@apache.org on 2006/08/25 18:33:14 UTC
svn commit: r436846 - in /incubator/abdera/java/trunk:
core/src/main/java/org/apache/abdera/util/URIHelper.java
parser/src/main/java/org/apache/abdera/parser/stax/FOMElement.java
Author: jmsnell
Date: Fri Aug 25 09:33:13 2006
New Revision: 436846
URL: http://svn.apache.org/viewvc?rev=436846&view=rev
Log:
Don't allow javascript: or mailto: uris to be used in xml:base
Add utility methods to URIHelper for detecting javascript and mailto URIs
Modified:
incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/util/URIHelper.java
incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMElement.java
Modified: incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/util/URIHelper.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/util/URIHelper.java?rev=436846&r1=436845&r2=436846&view=diff
==============================================================================
--- incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/util/URIHelper.java (original)
+++ incubator/abdera/java/trunk/core/src/main/java/org/apache/abdera/util/URIHelper.java Fri Aug 25 09:33:13 2006
@@ -19,9 +19,27 @@
import java.net.URI;
import java.net.URISyntaxException;
+import java.util.regex.Pattern;
public class URIHelper {
+ private static final Pattern javascript =
+ Pattern.compile(
+ "\\s*j\\s*a\\s*v\\s*a\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t\\s*:.*");
+ private static final Pattern mailto =
+ Pattern.compile(
+ "\\s*m\\s*a\\s*i\\s*l\\s*t\\s*o\\s*:.*");
+
+ public static boolean isJavascriptUri(URI uri) {
+ if (uri == null) return false;
+ return javascript.matcher(uri.toString()).matches();
+ }
+
+ public static boolean isMailtoUri(URI uri) {
+ if (uri == null) return false;
+ return mailto.matcher(uri.toString()).matches();
+ }
+
/**
* Normalize a URI as specified by RFC4287 Section 4.2.6
*/
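Review bot: Both patterns are compiled without `Pattern.CASE_INSENSITIVE`, yet URI schemes are case-insensitive (RFC 3986 section 3.1), so `isJavascriptUri` and `isMailtoUri` return false for an upper-case or mixed-case scheme and the xml:base filter that relies on them will let it through. Because the argument is already a parsed `java.net.URI`, comparing the scheme is simpler and stricter than matching `toString()`: `return uri != null && "javascript".equalsIgnoreCase(uri.getScheme());`, and likewise for `mailto`. The trailing `.*` also does not match line terminators unless `Pattern.DOTALL` is set, which would matter if these patterns were ever reused on unparsed strings. The two new public methods have no Javadoc; a one-line comment stating that they test the scheme only, and return false for null, would help callers.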
Modified: incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMElement.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMElement.java?rev=436846&r1=436845&r2=436846&view=diff
==============================================================================
--- incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMElement.java (original)
+++ incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMElement.java Fri Aug 25 09:33:13 2006
@@ -44,6 +44,7 @@
import org.apache.abdera.parser.ParserOptions;
import org.apache.abdera.parser.stax.util.FOMList;
import org.apache.abdera.util.Constants;
+import org.apache.abdera.util.URIHelper;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMComment;
import org.apache.axiom.om.OMContainer;
@@ -181,6 +182,8 @@
public URI getBaseUri() throws URISyntaxException {
URI uri = _getUriValue(getAttributeValue(BASE));
+ if (URIHelper.isJavascriptUri(uri) ||
+ URIHelper.isMailtoUri(uri)) { uri = null; }
if (uri == null) {
if (parent instanceof Element) {
uri = ((Element)parent).getBaseUri();
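Review bot: The two-line scheme filter added here in getBaseUri is repeated verbatim in getResolvedBaseUri (the hunk at -194), so a scheme later added to one copy can be missed in the other; one private helper that both methods call, e.g. `URI uri = _getFilteredBase();` returning null for a rejected value, would keep them in step. A deny-list of two schemes still accepts any other non-hierarchical scheme as a base, so checking that the value is relative or uses an expected scheme would be the stricter rule. Both method bodies continue outside their hunks, so how a null `uri` is handled further down in getResolvedBaseUri cannot be confirmed from what is shown.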
@@ -194,6 +197,8 @@
public URI getResolvedBaseUri() throws URISyntaxException {
URI baseUri = null;
URI uri = _getUriValue(getAttributeValue(BASE));
+ if (URIHelper.isJavascriptUri(uri) ||
+ URIHelper.isMailtoUri(uri)) { uri = null; }
if (parent instanceof Element)
baseUri = ((Element)parent).getResolvedBaseUri();
else if (parent instanceof Document)