Author: trong.tran
Date: 2011-09-20 07:04:13 -0400 (Tue, 20 Sep 2011)
New Revision: 7466
Added:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/NotHTMLTagValidator.java
Removed:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/EscapeHTMLValidator.java
Modified:
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIApplicationForm.java
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java
portal/branches/xss/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties
portal/branches/xss/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_vi.properties
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputBase.java
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/ExpressionValidator.java
portal/branches/xss/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java
Log:
Code sanitization and small bug fixes
Modified:
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIApplicationForm.java
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIApplicationForm.java 2011-09-20
08:47:24 UTC (rev 7465)
+++
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIApplicationForm.java 2011-09-20
11:04:13 UTC (rev 7466)
@@ -35,7 +35,7 @@
import org.exoplatform.webui.form.UIForm;
import org.exoplatform.webui.form.UIFormStringInput;
import org.exoplatform.webui.form.UIFormTextAreaInput;
-import org.exoplatform.webui.form.validator.EscapeHTMLValidator;
+import org.exoplatform.webui.form.validator.NotHTMLTagValidator;
import org.exoplatform.webui.form.validator.MandatoryValidator;
import org.exoplatform.webui.form.validator.NameValidator;
import org.exoplatform.webui.form.validator.StringLengthValidator;
@@ -62,10 +62,10 @@
addUIFormInput(new UIFormStringInput("applicationName",
"applicationName", null).addValidator(
MandatoryValidator.class).addValidator(StringLengthValidator.class, 3,
30).addValidator(NameValidator.class));
addUIFormInput(new UIFormStringInput("displayName",
"displayName", null).addValidator(
- StringLengthValidator.class, 3, 30).addValidator(EscapeHTMLValidator.class));
+ StringLengthValidator.class, 3, 30).addValidator(NotHTMLTagValidator.class));
addUIFormInput(new UIFormTextAreaInput("description",
"description", null)
.addValidator(StringLengthValidator.class, 0, 255)
- .addValidator(EscapeHTMLValidator.class));
+ .addValidator(NotHTMLTagValidator.class));
}
public void setValues(Application app) throws Exception
Modified:
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java 2011-09-20
08:47:24 UTC (rev 7465)
+++
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java 2011-09-20
11:04:13 UTC (rev 7466)
@@ -36,7 +36,7 @@
import org.exoplatform.webui.form.UIFormStringInput;
import org.exoplatform.webui.form.UIFormTabPane;
import org.exoplatform.webui.form.UIFormTextAreaInput;
-import org.exoplatform.webui.form.validator.EscapeHTMLValidator;
+import org.exoplatform.webui.form.validator.NotHTMLTagValidator;
import org.exoplatform.webui.form.validator.IdentifierValidator;
import org.exoplatform.webui.form.validator.MandatoryValidator;
import org.exoplatform.webui.form.validator.StringLengthValidator;
@@ -75,7 +75,7 @@
MandatoryValidator.class).addValidator(StringLengthValidator.class, 3,
30).addValidator(
IdentifierValidator.class));
uiCategorySetting.addUIFormInput(new UIFormStringInput(FIELD_DISPLAY_NAME,
FIELD_DISPLAY_NAME, null)
- .addValidator(StringLengthValidator.class, 3,
30).addValidator(EscapeHTMLValidator.class));
+ .addValidator(StringLengthValidator.class, 3,
30).addValidator(NotHTMLTagValidator.class));
uiCategorySetting.addUIFormInput(new UIFormTextAreaInput(FIELD_DESCRIPTION,
FIELD_DESCRIPTION, null)
.addValidator(StringLengthValidator.class, 0, 255));
addChild(uiCategorySetting);
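Review bot: The FIELD_DESCRIPTION textarea just below the changed lines still carries only StringLengthValidator, whereas the equivalent description fields in UIApplicationForm and UIPortletForm in this same commit get NotHTMLTagValidator as well. If the omission is not deliberate, the parallel form would be `.addValidator(StringLengthValidator.class, 0, 255).addValidator(NotHTMLTagValidator.class));`. As far as the UIFormTextAreaInput hunk shows, the rendered value is still entity-encoded while escapedHTML_ keeps its default, so this is a consistency point rather than a missing output control; the enclosing method starts before the hunk.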
Modified:
portal/branches/xss/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties
===================================================================
---
portal/branches/xss/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties 2011-09-20
08:47:24 UTC (rev 7465)
+++
portal/branches/xss/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties 2011-09-20
11:04:13 UTC (rev 7466)
@@ -114,7 +114,7 @@
# Escape HTML character Validator #
#############################################################################
-EscapeHTMLValidator.msg.value-invalid=The "{0}" field is invalid, it should not
contain < or >.
+NotHTMLTagValidator.msg.value-invalid=The "{0}" field is invalid, it should not
contain HTML tag.
#############################################################################
# Label for UIFormMultiValueInputSet #
Modified:
portal/branches/xss/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_vi.properties
===================================================================
---
portal/branches/xss/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_vi.properties 2011-09-20
08:47:24 UTC (rev 7465)
+++
portal/branches/xss/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_vi.properties 2011-09-20
11:04:13 UTC (rev 7466)
@@ -88,7 +88,7 @@
# Escape HTML character Validator #
#############################################################################
-EscapeHTMLValidator.msg.value-invalid=Giá trị trường "{0}" không hợp lệ, không
cho phép dấu < hoặc >.
+NotHTMLTagValidator.msg.value-invalid=Giá trị trường "{0}" không hợp lệ, không
cho phép dấu < hoặc >.
#############################################################################
# Label for UIFormMultiValueInputSet #
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputBase.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputBase.java 2011-09-20
08:47:24 UTC (rev 7465)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputBase.java 2011-09-20
11:04:13 UTC (rev 7466)
@@ -94,7 +94,7 @@
/**
* Encode the value before rendering or not. The value will be encoded by default.
*/
- protected boolean escapeHTML_ = true;
+ protected boolean escapedHTML_ = true;
public UIFormInputBase(String name, String bindingField, Class<T> typeValue)
{
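Review bot: Renaming the protected field escapeHTML_ to escapedHTML_ here, together with the isEscapeHTML/setEscapeHTML accessors in the next hunk of this file, is a source- and binary-incompatible change for any subclass or caller outside the two inputs updated in this commit. Unless the whole tree has been checked, keep the old accessors as deprecated delegates, e.g. `@Deprecated public boolean isEscapeHTML() { return isEscapedHTML(); }` and `@Deprecated public void setEscapeHTML(boolean escapeHTML) { setEscapedHTML(escapeHTML); }`. The field rename itself cannot be shimmed, so subclasses that read the field directly will fail to compile rather than silently misbehave.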
@@ -243,14 +243,14 @@
this.label = label;
}
- public boolean isEscapeHTML()
+ public boolean isEscapedHTML()
{
- return escapeHTML_;
+ return escapedHTML_;
}
- public void setEscapeHTML(boolean escapeHTML_)
+ public void setEscapedHTML(boolean escapedHTML)
{
- this.escapeHTML_ = escapeHTML_;
+ this.escapedHTML_ = escapedHTML;
}
}
\ No newline at end of file
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java 2011-09-20
08:47:24 UTC (rev 7465)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java 2011-09-20
11:04:13 UTC (rev 7466)
@@ -115,7 +115,7 @@
w.write('\'');
if (value != null && value.length() > 0)
{
- if (escapeHTML_)
+ if (isEscapedHTML())
{
value = EntityEncoder.FULL.encode(value);
}
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java 2011-09-20
08:47:24 UTC (rev 7465)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java 2011-09-20
11:04:13 UTC (rev 7466)
@@ -73,12 +73,12 @@
w.write(">");
if (value != null)
{
- if (escapeHTML_)
+ if (isEscapedHTML())
{
value = EntityEncoder.FULL.encode(value);
}
+ w.write(value);
}
- w.write(value);
w.write("</textarea>");
if (this.isMandatory())
w.write(" *");
Deleted:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/EscapeHTMLValidator.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/EscapeHTMLValidator.java 2011-09-20
08:47:24 UTC (rev 7465)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/EscapeHTMLValidator.java 2011-09-20
11:04:13 UTC (rev 7466)
@@ -1,72 +0,0 @@
-/**
- * Copyright (C) 2011 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.exoplatform.webui.form.validator;
-
-import org.exoplatform.web.application.ApplicationMessage;
-import org.exoplatform.webui.core.UIComponent;
-import org.exoplatform.webui.exception.MessageException;
-import org.exoplatform.webui.form.UIForm;
-import org.exoplatform.webui.form.UIFormInput;
-
-/**
- * @author <a href="mailto:ndkhoi168@gmail.com">Nguyen Duc
Khoi</a>
- * Sep 14, 2011
- */
-public class EscapeHTMLValidator implements Validator
-{
- private static final String REGEX = "[^\\<\\>]*";
-
- private String key_;
-
- public EscapeHTMLValidator()
- {
- key_ = "EscapeHTMLValidator.msg.value-invalid";
- }
-
- public EscapeHTMLValidator(final String key)
- {
- if (key == null)
- throw new IllegalArgumentException("Message key has to not null
value");
- key_ = key;
- }
-
- @Override
- public void validate(UIFormInput uiInput) throws Exception
- {
- if ((uiInput.getValue() == null) || (uiInput.getValue().toString().trim().length()
== 0))
- return;
- String s = uiInput.getValue().toString().trim();
- if (s.matches(REGEX))
- return;
-
- UIForm uiForm = ((UIComponent)uiInput).getAncestorOfType(UIForm.class);
- String label;
- try
- {
- label = uiForm.getId() + ".label." + uiInput.getName();
- }
- catch (Exception e)
- {
- label = uiInput.getName();
- }
- Object[] args = {label};
- throw new MessageException(new ApplicationMessage(key_, args,
ApplicationMessage.WARNING));
- }
-
-}
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/ExpressionValidator.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/ExpressionValidator.java 2011-09-20
08:47:24 UTC (rev 7465)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/ExpressionValidator.java 2011-09-20
11:04:13 UTC (rev 7466)
@@ -64,13 +64,11 @@
{
return;
}
- if (uiInput.getValue() != null)
+
+ String value = ((String)uiInput.getValue()).trim();
+ if (value.matches(expression_))
{
- String value = ((String)uiInput.getValue()).trim();
- if (value.matches(expression_))
- {
- return;
- }
+ return;
}
// modified by Pham Dinh Tan
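Review bot: The removed `if (uiInput.getValue() != null)` guard is what kept the new `((String)uiInput.getValue()).trim()` from dereferencing null; whether the early return at the top of the hunk already covers a null value cannot be seen here, because its condition and the start of validate() lie outside the hunk. If it does not, a null value now fails with a NullPointerException instead of a validation message, and a non-String value (the cast was unguarded before too) fails with ClassCastException. A defensive form is `Object raw = uiInput.getValue(); if (raw == null) { return; } String value = raw.toString().trim();`, which leaves the expression_ match as the only decision point.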
Copied:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/NotHTMLTagValidator.java
(from rev 7461,
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/EscapeHTMLValidator.java)
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/NotHTMLTagValidator.java
(rev 0)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/NotHTMLTagValidator.java 2011-09-20
11:04:13 UTC (rev 7466)
@@ -0,0 +1,38 @@
+/**
+ * Copyright (C) 2011 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.exoplatform.webui.form.validator;
+
+/**
+ * @author <a href="trongtt(a)gmail.com">Trong Tran</a>
+ * @version $Revision$
+ */
+public class NotHTMLTagValidator extends ExpressionValidator
+{
+ private static final String REGEX = "[^\\<\\>]*";
+
+ public NotHTMLTagValidator()
+ {
+ super(REGEX, "NotHTMLTagValidator.msg.value-invalid");
+ }
+
+ public NotHTMLTagValidator(final String key)
+ {
+ super(REGEX, key);
+ }
+}
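Review bot: REGEX rejects any `<` or `>` character rather than HTML tags, so the class name and the new webui_en message ("should not contain HTML tag") overstate what is checked: plain text such as `a < b` is refused with a message about tags, while the webui_vi bundle in this same commit still says `<` or `>`. Either keep the old EscapeHTMLValidator wording ("should not contain < or >") in both bundles or document the real rule; a class Javadoc such as `Rejects values containing the characters '<' or '>'. Coarse input pre-check only: the value is still entity-encoded on render while escapedHTML_ is set.` would make that explicit. This check only addresses element-context markup; other rendering contexts rely on the output encoding in UIFormStringInput/UIFormTextAreaInput, so the validator should not be treated as the sole XSS control. The `@author` link `href="trongtt(a)gmail.com"` is not a valid mailto URI.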
Modified:
portal/branches/xss/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java
===================================================================
---
portal/branches/xss/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java 2011-09-20
08:47:24 UTC (rev 7465)
+++
portal/branches/xss/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java 2011-09-20
11:04:13 UTC (rev 7466)
@@ -46,7 +46,7 @@
import org.exoplatform.webui.event.Event.Phase;
import org.exoplatform.webui.event.EventListener;
import org.exoplatform.webui.form.*;
-import org.exoplatform.webui.form.validator.EscapeHTMLValidator;
+import org.exoplatform.webui.form.validator.NotHTMLTagValidator;
import org.exoplatform.webui.form.validator.ExpressionValidator;
import org.exoplatform.webui.form.validator.MandatoryValidator;
import org.exoplatform.webui.form.validator.StringLengthValidator;
@@ -98,7 +98,7 @@
addValidator(MandatoryValidator.class).setEditable(false)).
addUIFormInput(new UIFormStringInput("windowId", "windowId",
null).setEditable(false)).*/
addUIFormInput(new UIFormInputInfo("displayName",
"displayName", null)).addUIFormInput(
- new UIFormStringInput("title", "title",
null).addValidator(StringLengthValidator.class, 3,
60).addValidator(EscapeHTMLValidator.class,
+ new UIFormStringInput("title", "title",
null).addValidator(StringLengthValidator.class, 3,
60).addValidator(NotHTMLTagValidator.class,
"UIPortletForm.msg.InvalidPortletTitle"))
.addUIFormInput(
new UIFormStringInput("width", "width",
null).addValidator(ExpressionValidator.class, "(^([1-9]\\d*)px$)?",
@@ -109,7 +109,7 @@
new UIFormCheckBoxInput("showPortletMode",
"showPortletMode", false)).addUIFormInput(
new UIFormCheckBoxInput("showWindowState",
"showWindowState", false)).addUIFormInput(
new UIFormTextAreaInput("description",
"description", null).addValidator(StringLengthValidator.class,
- 0, 255).addValidator(EscapeHTMLValidator.class,
"UIPortletForm.msg.InvalidPortletDescription"));
+ 0, 255).addValidator(NotHTMLTagValidator.class,
"UIPortletForm.msg.InvalidPortletDescription"));
addUIFormInput(uiSettingSet);
UIFormInputIconSelector uiIconSelector = new
UIFormInputIconSelector("Icon", "icon");
addUIFormInput(uiIconSelector);