Posted to commits@shindig.apache.org by dd...@apache.org on 2012/06/17 07:14:07 UTC
svn commit: r1351048 - in /shindig/trunk/java/gadgets/src:
main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
Author: ddumont
Date: Sun Jun 17 05:14:06 2012
New Revision: 1351048
URL: http://svn.apache.org/viewvc?rev=1351048&view=rev
Log:
SHINDIG-1761 - IE: fail to process file upload response with special characters (")
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java?rev=1351048&r1=1351047&r2=1351048&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java Sun Jun 17 05:14:06 2012
@@ -28,6 +28,7 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shindig.auth.AuthInfoUtil;
import org.apache.shindig.auth.SecurityToken;
@@ -87,6 +88,8 @@ public class MakeRequestHandler implemen
public static final String CORE_IO = "core.io";
public static final String UNPARSEABLE_CRUFT = "unparseableCruft";
public static final int MAX_POST_SIZE_DEFAULT = 5 * 1024 * 1024; // 5 MiB
+ public static final String IFRAME_RESPONSE_PREFIX = "<html><head></head><body><textarea></textarea><script type='text/javascript'>document.getElementsByTagName('TEXTAREA')[0].value='";
+ public static final String IFRAME_RESPONSE_SUFFIX = "';</script></body></html>";
private final Map<String, String> unparseableCruftMsgs;
private final RequestPipeline requestPipeline;
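Review bot: The new IFRAME_RESPONSE_PREFIX and IFRAME_RESPONSE_SUFFIX declarations carry no comment saying that anything written between them lands inside a single-quoted JavaScript string literal in an inline script of a text/html response. A later caller that writes unescaped text between them would reintroduce script injection, so I would state the contract on the declaration: `// Text written between PREFIX and SUFFIX sits inside a single-quoted JS string in an inline <script>; it must be escaped for that context.` Both constants are public, and the only use outside the handler visible on this page is the test in the same package, so package-private visibility looks sufficient unless something else depends on them.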
@@ -185,10 +188,10 @@ public class MakeRequestHandler implemen
PrintWriter out = response.getWriter();
if ("1".equals(getParameter(request, MULTI_PART_FORM_POST_IFRAME, null))) {
response.setContentType("text/html");
- out.write("<html><head></head><body><textarea>");
- out.write(this.unparseableCruftMsgs.get(container));
- out.write(output);
- out.write("</textarea></body></html>");
+ out.write(IFRAME_RESPONSE_PREFIX);
+ out.write(StringEscapeUtils.escapeEcmaScript(this.unparseableCruftMsgs.get(container)));
+ out.write(StringEscapeUtils.escapeEcmaScript(output));
+ out.write(IFRAME_RESPONSE_SUFFIX);
} else {
response.setContentType("application/json");
out.write(this.unparseableCruftMsgs.get(container) + output);
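Review bot: `escapeEcmaScript` handles quotes, backslash and `/` but leaves `<` untouched, so at the two `out.write(StringEscapeUtils.escapeEcmaScript(...))` calls a fetched body containing `<!--` followed by `<script` can still change how the HTML parser reads the inline script block. In that case the `</script>` from IFRAME_RESPONSE_SUFFIX may not end the element. `output` carries the remote response, so I would treat it as untrusted and also encode `<` after escaping, for example `out.write(StringEscapeUtils.escapeEcmaScript(output).replace("<", "\\u003c"));`, with the same treatment for the cruft message. The enclosing method starts and ends outside the hunk, so how `output` is built cannot be checked from here.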
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java?rev=1351048&r1=1351047&r2=1351048&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java Sun Jun 17 05:14:06 2012
@@ -32,6 +32,8 @@ import java.util.TreeMap;
import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.shindig.auth.AuthInfoUtil;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.servlet.HttpUtilTest;
@@ -60,6 +62,7 @@ import org.json.JSONObject;
import org.junit.Before;
import org.junit.Test;
+import com.google.common.base.Strings;
import com.google.common.collect.Lists;
/**
@@ -149,11 +152,14 @@ public class MakeRequestHandlerTest exte
}
private JSONObject extractJsonFromResponse() throws JSONException {
- String body = recorder.getResponseAsString();
+ return extractJsonFromResponse(recorder.getResponseAsString());
+ }
+
+ private JSONObject extractJsonFromResponse(String response) throws JSONException {
String defaultCruftMsg = "throw 1; < don't be evil' >";
- assertStartsWith(defaultCruftMsg, body);
- body = body.substring(defaultCruftMsg.length());
- return new JSONObject(body).getJSONObject(REQUEST_URL.toString());
+ assertStartsWith(defaultCruftMsg, response);
+ response = response.substring(defaultCruftMsg.length());
+ return new JSONObject(response).getJSONObject(REQUEST_URL.toString());
}
@Before
@@ -473,6 +479,29 @@ public class MakeRequestHandlerTest exte
}
@Test
+ public void testMultiPartFormPostWithSpecialChars() throws Exception {
+ String body = "\u003c!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\"\u003e"
+ + "<html><body>"Hello, world!"</body></html>";
+ expectGetAndReturnBody(body);
+
+ expect(request.getParameter(MakeRequestHandler.CONTENT_TYPE_PARAM)).andReturn("TEXT");
+ expect(request.getParameter(MakeRequestHandler.MULTI_PART_FORM_POST_IFRAME)).andReturn("1");
+ replay();
+
+ handler.fetch(request, recorder);
+ String response = recorder.getResponseAsString();
+ response = StringUtils.removeStart(response, MakeRequestHandler.IFRAME_RESPONSE_PREFIX);
+ response = StringUtils.removeEnd(response, MakeRequestHandler.IFRAME_RESPONSE_SUFFIX);
+ response = StringEscapeUtils.unescapeEcmaScript(response);
+ JSONObject result = extractJsonFromResponse(response);
+ assertEquals(
+ "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">"
+ + "<html><body>"Hello, world!"</body></html>",
+ result.get("body")
+ );
+ }
+
+ @Test
public void testFetchEmptyDocument() throws Exception {
expectGetAndReturnBody("");
replay();
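Review bot: testMultiPartFormPostWithSpecialChars undoes the escaping with `unescapeEcmaScript` before it asserts anything, so it only shows that the payload round-trips and would still pass if the handler used a weaker escaper that decodes the same way. I would assert on the raw response as well: `assertTrue(response.startsWith(MakeRequestHandler.IFRAME_RESPONSE_PREFIX));` ahead of `removeStart`, and `assertFalse(response.contains("</"));` once prefix and suffix are stripped but before unescaping. `removeStart` and `removeEnd` return their input unchanged when the prefix or suffix is missing, so the explicit checks also make a wrong wrapper fail at the right line. The two `"<html><body>"Hello, world!"` literals do not compile as displayed, probably because the archive decoded entities that the committed file contains; that should be checked against the repository.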