Posted to commits@sling.apache.org by ra...@apache.org on 2018/06/01 15:00:38 UTC
[sling-org-apache-sling-scripting-sightly] branch issue/SLING-7681
updated: SLING-7701 - [HTL] Add support for negative numbers
This is an automated email from the ASF dual-hosted git repository.
radu pushed a commit to branch issue/SLING-7681
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-scripting-sightly.git
The following commit(s) were added to refs/heads/issue/SLING-7681 by this push:
new 4a8e617 SLING-7701 - [HTL] Add support for negative numbers
4a8e617 is described below
commit 4a8e617cf354825e2008f8f0af3569ef860ed23d
Author: Radu Cotescu <ra...@apache.org>
AuthorDate: Fri Jun 1 16:52:39 2018 +0200
SLING-7701 - [HTL] Add support for negative numbers
---
.../impl/engine/extension/XSSRuntimeExtension.java | 29 ++++++++++++++--------
1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/src/main/java/org/apache/sling/scripting/sightly/impl/engine/extension/XSSRuntimeExtension.java b/src/main/java/org/apache/sling/scripting/sightly/impl/engine/extension/XSSRuntimeExtension.java
index ed0f13f..a56c825 100644
--- a/src/main/java/org/apache/sling/scripting/sightly/impl/engine/extension/XSSRuntimeExtension.java
+++ b/src/main/java/org/apache/sling/scripting/sightly/impl/engine/extension/XSSRuntimeExtension.java
@@ -50,7 +50,7 @@ public class XSSRuntimeExtension implements RuntimeExtension {
private static final Set<String> elementNameWhiteList = new HashSet<>();
private static final Logger LOG = LoggerFactory.getLogger(XSSRuntimeExtension.class);
- private static final Pattern VALID_ATTRIBUTE = Pattern.compile("^[a-zA-Z_:][\\-a-zA-Z0-9_:\\.]*$");
+ private static final Pattern VALID_ATTRIBUTE = Pattern.compile("^[a-zA-Z_:][\\-a-zA-Z0-9_:.]*$");
private static final Pattern ATTRIBUTE_BLACKLIST = Pattern.compile("^(style|(on.*))$", Pattern.CASE_INSENSITIVE);
@Override
@@ -66,7 +66,7 @@ public class XSSRuntimeExtension implements RuntimeExtension {
hint = arguments[2];
}
MarkupContext markupContext = null;
- if (option != null && option instanceof String) {
+ if (option instanceof String) {
String name = (String) option;
markupContext = MarkupContext.lookup(name);
}
@@ -100,10 +100,23 @@ public class XSSRuntimeExtension implements RuntimeExtension {
case ATTRIBUTE_NAME:
return escapeAttributeName(text);
case NUMBER:
- Long result = xssApi.getValidLong(text, 0);
- if (result != null) {
- return result.toString();
+ Number result = 0;
+ if (text != null) {
+ if (text.contains(".") || text.contains("e") || text.contains("E")) {
+ try {
+ result = Double.parseDouble(text);
+ } catch (NumberFormatException doubleParseError) {
+ result = 0;
+ }
+ } else {
+ try {
+ result = Long.parseLong(text);
+ } catch (NumberFormatException longParseError) {
+ result = 0;
+ }
+ }
}
+ return result.toString();
case URI:
return xssApi.getValidHref(text);
case SCRIPT_TOKEN:
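Review bot: In the NUMBER case, the `Double.parseDouble(text)` branch can yield a non-finite value without throwing, so the `NumberFormatException` fallback to 0 never runs for it. A constructed overflowing input such as `1e999` parses to positive infinity, and `result.toString()` then emits `Infinity`, which is an identifier rather than a numeric literal in a script or JSON context. I would parse into a local and keep the default of 0 unless the value is finite: `double parsed = Double.parseDouble(text);` followed by `if (!Double.isInfinite(parsed) && !Double.isNaN(parsed)) { result = parsed; }`. A short comment on the case stating that the output is always the re-serialised parsed number, never the input text, would also record why this context is safe. The enclosing switch begins and ends outside this hunk, so I cannot see how the returned string is used further.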
@@ -145,16 +158,12 @@ public class XSSRuntimeExtension implements RuntimeExtension {
return null;
}
attributeName = attributeName.trim();
- if (matchPattern(VALID_ATTRIBUTE, attributeName) && !isSensitiveAttribute(attributeName)) {
+ if (VALID_ATTRIBUTE.matcher(attributeName).matches() && !isSensitiveAttribute(attributeName)) {
return attributeName;
}
return null;
}
- private boolean matchPattern(Pattern pattern, String str) {
- return pattern.matcher(str).matches();
- }
-
static {
elementNameWhiteList.add("section");
elementNameWhiteList.add("nav");
--
To stop receiving notification emails like this one, please contact
radu@apache.org.