history: Update posting history escaping method
doortts committed Apr 15, 2017
1 parent 645f6f1 commit 97169d5
Showing 4 changed files with 10 additions and 9 deletions.
11 changes: 6 additions & 5 deletions app/controllers/AbstractPostingApp.java
@@ -27,6 +27,7 @@
import models.enumeration.Operation;
import models.resource.Resource;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import play.data.Form;
import play.db.ebean.Model;
@@ -187,25 +188,25 @@ private static String getDiffText(String oldValue, String newValue) {
switch (diff.operation) {
case DELETE:
sb.append("<span class='diff-deleted'>");
sb.append(diff.text.replaceAll("\n", "&nbsp;\n"));
sb.append(StringEscapeUtils.escapeHtml4(diff.text).replaceAll("\n", "&nbsp<br/>\n"));
sb.append("</span>");
break;
case EQUAL:
int textLength = diff.text.length();
if(textLength > EQUAL_TEXT_ELLIPSIS_SIZE) {
sb.append(diff.text.substring(0, 150))
sb.append(StringEscapeUtils.escapeHtml4(diff.text.substring(0, 150)))
.append("<span class='diff-ellipsis'>...\n")
.append("......\n")
.append("......\n")
.append("...</span>")
.append(diff.text.substring(textLength - 150));
.append(StringEscapeUtils.escapeHtml4(diff.text.substring(textLength - 150)));
} else {
sb.append(diff.text);
sb.append(StringEscapeUtils.escapeHtml4(diff.text));
}
break;
case INSERT:
sb.append("<span class='diff-added'>");
sb.append(diff.text.replaceAll("\n", "&nbsp;\n"));
sb.append(StringEscapeUtils.escapeHtml4(diff.text).replaceAll("\n", "&nbsp<br/>\n"));
sb.append("</span>");
break;
default:
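Review bot: The replacement string in the DELETE and INSERT branches is `"&nbsp<br/>\n"`, which drops the semicolon the old `"&nbsp;\n"` had, so the entity is emitted unterminated and depends on lenient parsing by the browser and by whatever sanitizer later processes the history. I would write both lines as `sb.append(StringEscapeUtils.escapeHtml4(diff.text).replace("\n", "&nbsp;<br/>\n"));`, using `replace` because the pattern is a literal, not a regex. Escaping before the markup is inserted is the right order, and a short comment such as `// escape user text first; only the span/br markup appended here is trusted` would keep a later edit from reversing it. The EQUAL branch still slices with a hard-coded 150 while its guard uses EQUAL_TEXT_ELLIPSIS_SIZE, whose value is not visible here; getDiffText starts and ends outside this hunk.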
2 changes: 1 addition & 1 deletion app/models/Issue.java
@@ -52,7 +52,7 @@ public class Issue extends AbstractPosting implements LabelOwner {
public static final String TO_BE_ASSIGNED = "";
public static final Pattern ISSUE_PATTERN = Pattern.compile("#\\d+");

public State state;
public State state = State.OPEN;

@Formats.DateTime(pattern = "yyyy-MM-dd")
public Date dueDate;
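Review bot: The initializer `public State state = State.OPEN;` is a behaviour change unrelated to the escaping fix named in the commit title, and it has no comment explaining why OPEN is the default. Code that previously saw `null` for an Issue whose state was never set will now see OPEN; whether any caller relied on that is not visible in this hunk. Consider moving it to its own commit so the escaping fix can be audited and backported on its own, and add a comment such as `// new issues start OPEN unless a state is set explicitly`.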
2 changes: 1 addition & 1 deletion app/utils/Markdown.java
@@ -124,7 +124,7 @@ private static String checkReferrer(String source) {
return source;
}

private static String sanitize(String source) {
public static String sanitize(String source) {
return sanitizerPolicy.sanitize(source);
}

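Review bot: `sanitize` becomes public here without any Javadoc, so callers outside Markdown have no statement of what it guarantees. The template in this commit now relies on it directly before `@Html(...)`, so the method should document that it applies `sanitizerPolicy` (defined outside this hunk), which output context the result is meant for (presumably HTML element content, not attribute values or script), and what it does with a null `source`. A one-sentence summary plus `@param` and `@return` would be enough.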
4 changes: 2 additions & 2 deletions app/views/common/partial_history.scala.html
@@ -7,7 +7,7 @@
@(posting:models.AbstractPosting)

@import utils.TemplateHelper._
@import utils.HtmlUtil
@import utils.Markdown

<div id="-yona-posting-history" class="modal hide">
<div class="modal-header">
@@ -16,7 +16,7 @@ <h5 class="nm">@Messages("change.history")</h5>
</div>
<div class="modal-body">
<p>
@Html(HtmlUtil.defaultSanitize(posting.history))
@Html(Markdown.sanitize(posting.history))
</p>
</div>
<div class="modal-footer">
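Review bot: `@Html(Markdown.sanitize(posting.history))` turns off the template's auto-escaping, so this line is safe only as long as the policy behind `Markdown.sanitize` strips everything except the `span` `class` attributes and `br` that getDiffText emits, which it must preserve for the diff to render. That policy is not visible in this commit. If history rows are persisted, as the model field suggests, rows written before this change were built without `escapeHtml4`, so for them the sanitizer is the only barrier; that is worth confirming against existing data. I would add a template comment above the line, `@* posting.history is server-built HTML; keep it wrapped in Markdown.sanitize because @Html disables escaping *@`.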
