Author: trong.tran
Date: 2011-09-30 04:45:51 -0400 (Fri, 30 Sep 2011)
New Revision: 7572
Modified:
portal/branches/xss/component/common/src/main/java/org/exoplatform/commons/utils/HTMLEntityEncoder.java
portal/branches/xss/component/common/src/main/java/org/exoplatform/commons/xml/DOMSerializer.java
portal/branches/xss/component/common/src/test/java/org/exoplatform/commons/utils/TestHTMLEntityEncoder.java
portal/branches/xss/component/portal/src/main/java/org/exoplatform/portal/mop/user/UserNode.java
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategorySelector.java
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/navigation/webui/TreeNode.java
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserInfoPortlet.gtmpl
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarSitePortlet.gtmpl
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationInfo.gtmpl
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationOrganizer.gtmpl
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIGadgetInfo.gtmpl
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIPortletInfo.gtmpl
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UINavigationGrid.gtmpl
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UISiteManagement.gtmpl
portal/branches/xss/portlet/web/src/main/webapp/groovy/portal/webui/component/UIBreadcumbsPortlet.gtmpl
portal/branches/xss/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/application/UIPortlet.gtmpl
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/page/UIWizardPageSetInfo.gtmpl
portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIBreadcumbs.gtmpl
portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl
portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormHiddenInput.java
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputInfo.java
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormSelectBox.java
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormColorPicker.java
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormComboBox.java
portal/branches/xss/webui/dashboard/src/main/resources/groovy/dashboard/webui/component/UIDashboardSelectContainer.gtmpl
portal/branches/xss/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java
Log:
Change to use HTMLEntityEncoder, which encodes HTML more correctly
Modified:
portal/branches/xss/component/common/src/main/java/org/exoplatform/commons/utils/HTMLEntityEncoder.java
===================================================================
---
portal/branches/xss/component/common/src/main/java/org/exoplatform/commons/utils/HTMLEntityEncoder.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/component/common/src/main/java/org/exoplatform/commons/utils/HTMLEntityEncoder.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -21,6 +21,7 @@
import org.gatein.common.io.WriterCharWriter;
import org.gatein.common.text.CharWriter;
import org.gatein.common.text.EncodingException;
+import org.gatein.common.text.EntityEncoder;
import org.gatein.common.util.ParameterValidation;
import java.io.StringWriter;
@@ -32,7 +33,7 @@
* @author <a href="trongtt(a)gmail.com">Trong Tran</a>
* @version $Revision$
*/
-public class HTMLEntityEncoder
+public class HTMLEntityEncoder extends EntityEncoder
{
private static volatile HTMLEntityEncoder singletonInstance;
@@ -54,9 +55,6 @@
/** . */
private final String[] hexToEntity = buildHexEntityNumberArray();
- /** . */
- private final String[] charToEntityName = buildEntityNameArray();
-
/**
* Character set that are immune from encoding in HTML
*/
@@ -89,6 +87,12 @@
return encode(input, IMMUNE_HTMLATTR);
}
+ @Override
+ public void safeEncode(char[] chars, int off, int len, CharWriter writer) throws
EncodingException
+ {
+ safeEncode(chars, off, len, writer, IMMUNE_HTML);
+ }
+
/**
* @param chars the array to encode
* @param off the offset in the chars array
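Review bot: The new four-argument `safeEncode` override has no Javadoc, and it fixes the immune set to `IMMUNE_HTML`. Any caller that holds this object as a plain `EntityEncoder` therefore gets element-content encoding (presumably through the inherited `encode`), whatever context the value is written into. The context line just above passes `IMMUNE_HTMLATTR` for the attribute path, so the two contexts are evidently meant to differ. I would add a comment on the override such as `/** Encodes for HTML element content (IMMUNE_HTML); attribute values must go through the attribute-specific method. */`.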
@@ -97,7 +101,7 @@
* @param immune the characters array are immune from encoding
* @throws EncodingException
*/
- protected void safeEncode(char[] chars, int off, int len, CharWriter writer, char[]
immune) throws EncodingException
+ private void safeEncode(char[] chars, int off, int len, CharWriter writer, char[]
immune) throws EncodingException
{
// The index of the last copied char
@@ -154,12 +158,12 @@
writer.append(chars, previous, chars.length - previous);
}
- protected final String lookupEntityName(char c)
+ public final String lookupEntityName(char c)
{
- return charToEntityName[c];
+ return lookup(c);
}
- protected final String lookupHexEntityNumber(char c)
+ public final String lookupHexEntityNumber(char c)
{
if (c < 0xFF)
{
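Review bot: The trailing flush `writer.append(chars, previous, chars.length - previous);` at the top of this hunk measures the remainder against the whole array rather than `off + len`. This revision makes the method reachable through the public `safeEncode(chars, off, len, writer)` override, so a caller passing a sub-range would have the characters after the range copied to the writer unencoded. Assuming the loop above (outside this hunk) stops at `off + len`, the flush should be `writer.append(chars, previous, off + len - previous);`. The `encode(String, ...)` path visible further down passes the full array with offset 0, which would explain why the existing tests do not show it.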
@@ -174,7 +178,9 @@
for (char ch : array)
{
if (c == ch)
+ {
return true;
+ }
}
return false;
}
@@ -188,271 +194,8 @@
safeEncode(input.toCharArray(), 0, input.length(), charWriter, immutable);
return sw.toString();
}
-
+
/**
- * Set of characters mapped to Entity name
- */
- private String[] buildEntityNameArray()
- {
- String[] ar = new String[65536];
-
- ar[34] = "quot"; // quotation mark
- ar[38] = "amp"; // ampersand
- ar[60] = "lt"; // less-than sign
- ar[62] = "gt"; // greater-than sign
- ar[160] = "nbsp"; // no-break space
- ar[161] = "iexcl"; // inverted exclamation mark
- ar[162] = "cent"; // cent sign
- ar[163] = "pound"; // pound sign
- ar[164] = "curren"; // currency sign
- ar[165] = "yen"; // yen sign
- ar[166] = "brvbar"; // broken bar
- ar[167] = "sect"; // section sign
- ar[168] = "uml"; // diaeresis
- ar[169] = "copy"; // copyright sign
- ar[170] = "ordf"; // feminine ordinal indicator
- ar[171] = "laquo"; // left-pointing double angle quotation mark
- ar[172] = "not"; // not sign
- ar[173] = "shy"; // soft hyphen
- ar[174] = "reg"; // registered sign
- ar[175] = "macr"; // macron
- ar[176] = "deg"; // degree sign
- ar[177] = "plusmn"; // plus-minus sign
- ar[178] = "sup2"; // superscript two
- ar[179] = "sup3"; // superscript three
- ar[180] = "acute"; // acute accent
- ar[181] = "micro"; // micro sign
- ar[182] = "para"; // pilcrow sign
- ar[183] = "middot"; // middle dot
- ar[184] = "cedil"; // cedilla
- ar[185] = "sup1"; // superscript one
- ar[186] = "ordm"; // masculine ordinal indicator
- ar[187] = "raquo"; // right-pointing double angle quotation mark
- ar[188] = "frac14"; // vulgar fraction one quarter
- ar[189] = "frac12"; // vulgar fraction one half
- ar[190] = "frac34"; // vulgar fraction three quarters
- ar[191] = "iquest"; // inverted question mark
- ar[192] = "Agrave"; // Latin capital letter a with grave
- ar[193] = "Aacute"; // Latin capital letter a with acute
- ar[194] = "Acirc"; // Latin capital letter a with circumflex
- ar[195] = "Atilde"; // Latin capital letter a with tilde
- ar[196] = "Auml"; // Latin capital letter a with diaeresis
- ar[197] = "Aring"; // Latin capital letter a with ring above
- ar[198] = "AElig"; // Latin capital letter ae
- ar[199] = "Ccedil"; // Latin capital letter c with cedilla
- ar[200] = "Egrave"; // Latin capital letter e with grave
- ar[201] = "Eacute"; // Latin capital letter e with acute
- ar[202] = "Ecirc"; // Latin capital letter e with circumflex
- ar[203] = "Euml"; // Latin capital letter e with diaeresis
- ar[204] = "Igrave"; // Latin capital letter i with grave
- ar[205] = "Iacute"; // Latin capital letter i with acute
- ar[206] = "Icirc"; // Latin capital letter i with circumflex
- ar[207] = "Iuml"; // Latin capital letter i with diaeresis
- ar[208] = "ETH"; // Latin capital letter eth
- ar[209] = "Ntilde"; // Latin capital letter n with tilde
- ar[210] = "Ograve"; // Latin capital letter o with grave
- ar[211] = "Oacute"; // Latin capital letter o with acute
- ar[212] = "Ocirc"; // Latin capital letter o with circumflex
- ar[213] = "Otilde"; // Latin capital letter o with tilde
- ar[214] = "Ouml"; // Latin capital letter o with diaeresis
- ar[215] = "times"; // multiplication sign
- ar[216] = "Oslash"; // Latin capital letter o with stroke
- ar[217] = "Ugrave"; // Latin capital letter u with grave
- ar[218] = "Uacute"; // Latin capital letter u with acute
- ar[219] = "Ucirc"; // Latin capital letter u with circumflex
- ar[220] = "Uuml"; // Latin capital letter u with diaeresis
- ar[221] = "Yacute"; // Latin capital letter y with acute
- ar[222] = "THORN"; // Latin capital letter thorn
- ar[223] = "szlig"; // Latin small letter sharp sXCOMMAX German Eszett
- ar[224] = "agrave"; // Latin small letter a with grave
- ar[225] = "aacute"; // Latin small letter a with acute
- ar[226] = "acirc"; // Latin small letter a with circumflex
- ar[227] = "atilde"; // Latin small letter a with tilde
- ar[228] = "auml"; // Latin small letter a with diaeresis
- ar[229] = "aring"; // Latin small letter a with ring above
- ar[230] = "aelig"; // Latin lowercase ligature ae
- ar[231] = "ccedil"; // Latin small letter c with cedilla
- ar[232] = "egrave"; // Latin small letter e with grave
- ar[233] = "eacute"; // Latin small letter e with acute
- ar[234] = "ecirc"; // Latin small letter e with circumflex
- ar[235] = "euml"; // Latin small letter e with diaeresis
- ar[236] = "igrave"; // Latin small letter i with grave
- ar[237] = "iacute"; // Latin small letter i with acute
- ar[238] = "icirc"; // Latin small letter i with circumflex
- ar[239] = "iuml"; // Latin small letter i with diaeresis
- ar[240] = "eth"; // Latin small letter eth
- ar[241] = "ntilde"; // Latin small letter n with tilde
- ar[242] = "ograve"; // Latin small letter o with grave
- ar[243] = "oacute"; // Latin small letter o with acute
- ar[244] = "ocirc"; // Latin small letter o with circumflex
- ar[245] = "otilde"; // Latin small letter o with tilde
- ar[246] = "ouml"; // Latin small letter o with diaeresis
- ar[247] = "divide"; // division sign
- ar[248] = "oslash"; // Latin small letter o with stroke
- ar[249] = "ugrave"; // Latin small letter u with grave
- ar[250] = "uacute"; // Latin small letter u with acute
- ar[251] = "ucirc"; // Latin small letter u with circumflex
- ar[252] = "uuml"; // Latin small letter u with diaeresis
- ar[253] = "yacute"; // Latin small letter y with acute
- ar[254] = "thorn"; // Latin small letter thorn
- ar[255] = "yuml"; // Latin small letter y with diaeresis
- ar[338] = "OElig"; // Latin capital ligature oe
- ar[339] = "oelig"; // Latin small ligature oe
- ar[352] = "Scaron"; // Latin capital letter s with caron
- ar[353] = "scaron"; // Latin small letter s with caron
- ar[376] = "Yuml"; // Latin capital letter y with diaeresis
- ar[402] = "fnof"; // Latin small letter f with hook
- ar[710] = "circ"; // modifier letter circumflex accent
- ar[732] = "tilde"; // small tilde
- ar[913] = "Alpha"; // Greek capital letter alpha
- ar[914] = "Beta"; // Greek capital letter beta
- ar[915] = "Gamma"; // Greek capital letter gamma
- ar[916] = "Delta"; // Greek capital letter delta
- ar[917] = "Epsilon"; // Greek capital letter epsilon
- ar[918] = "Zeta"; // Greek capital letter zeta
- ar[919] = "Eta"; // Greek capital letter eta
- ar[920] = "Theta"; // Greek capital letter theta
- ar[921] = "Iota"; // Greek capital letter iota
- ar[922] = "Kappa"; // Greek capital letter kappa
- ar[923] = "Lambda"; // Greek capital letter lambda
- ar[924] = "Mu"; // Greek capital letter mu
- ar[925] = "Nu"; // Greek capital letter nu
- ar[926] = "Xi"; // Greek capital letter xi
- ar[927] = "Omicron"; // Greek capital letter omicron
- ar[928] = "Pi"; // Greek capital letter pi
- ar[929] = "Rho"; // Greek capital letter rho
- ar[931] = "Sigma"; // Greek capital letter sigma
- ar[932] = "Tau"; // Greek capital letter tau
- ar[933] = "Upsilon"; // Greek capital letter upsilon
- ar[934] = "Phi"; // Greek capital letter phi
- ar[935] = "Chi"; // Greek capital letter chi
- ar[936] = "Psi"; // Greek capital letter psi
- ar[937] = "Omega"; // Greek capital letter omega
- ar[945] = "alpha"; // Greek small letter alpha
- ar[946] = "beta"; // Greek small letter beta
- ar[947] = "gamma"; // Greek small letter gamma
- ar[948] = "delta"; // Greek small letter delta
- ar[949] = "epsilon"; // Greek small letter epsilon
- ar[950] = "zeta"; // Greek small letter zeta
- ar[951] = "eta"; // Greek small letter eta
- ar[952] = "theta"; // Greek small letter theta
- ar[953] = "iota"; // Greek small letter iota
- ar[954] = "kappa"; // Greek small letter kappa
- ar[955] = "lambda"; // Greek small letter lambda
- ar[956] = "mu"; // Greek small letter mu
- ar[957] = "nu"; // Greek small letter nu
- ar[958] = "xi"; // Greek small letter xi
- ar[959] = "omicron"; // Greek small letter omicron
- ar[960] = "pi"; // Greek small letter pi
- ar[961] = "rho"; // Greek small letter rho
- ar[962] = "sigmaf"; // Greek small letter final sigma
- ar[963] = "sigma"; // Greek small letter sigma
- ar[964] = "tau"; // Greek small letter tau
- ar[965] = "upsilon"; // Greek small letter upsilon
- ar[966] = "phi"; // Greek small letter phi
- ar[967] = "chi"; // Greek small letter chi
- ar[968] = "psi"; // Greek small letter psi
- ar[969] = "omega"; // Greek small letter omega
- ar[977] = "thetasym";// Greek theta symbol
- ar[978] = "upsih"; // Greek upsilon with hook symbol
- ar[982] = "piv"; // Greek pi symbol
- ar[8194] = "ensp"; // en space
- ar[8195] = "emsp"; // em space
- ar[8201] = "thinsp"; // thin space
- ar[8204] = "zwnj"; // zero width non-joiner
- ar[8205] = "zwj"; // zero width joiner
- ar[8206] = "lrm"; // left-to-right mark
- ar[8207] = "rlm"; // right-to-left mark
- ar[8211] = "ndash"; // en dash
- ar[8212] = "mdash"; // em dash
- ar[8216] = "lsquo"; // left single quotation mark
- ar[8217] = "rsquo"; // right single quotation mark
- ar[8218] = "sbquo"; // single low-9 quotation mark
- ar[8220] = "ldquo"; // left double quotation mark
- ar[8221] = "rdquo"; // right double quotation mark
- ar[8222] = "bdquo"; // double low-9 quotation mark
- ar[8224] = "dagger"; // dagger
- ar[8225] = "Dagger"; // double dagger
- ar[8226] = "bull"; // bullet
- ar[8230] = "hellip"; // horizontal ellipsis
- ar[8240] = "permil"; // per mille sign
- ar[8242] = "prime"; // prime
- ar[8243] = "Prime"; // double prime
- ar[8249] = "lsaquo"; // single left-pointing angle quotation mark
- ar[8250] = "rsaquo"; // single right-pointing angle quotation mark
- ar[8254] = "oline"; // overline
- ar[8260] = "frasl"; // fraction slash
- ar[8364] = "euro"; // euro sign
- ar[8465] = "image"; // black-letter capital i
- ar[8472] = "weierp"; // script capital pXCOMMAX Weierstrass p
- ar[8476] = "real"; // black-letter capital r
- ar[8482] = "trade"; // trademark sign
- ar[8501] = "alefsym";// alef symbol
- ar[8592] = "larr"; // leftwards arrow
- ar[8593] = "uarr"; // upwards arrow
- ar[8594] = "rarr"; // rightwards arrow
- ar[8595] = "darr"; // downwards arrow
- ar[8596] = "harr"; // left right arrow
- ar[8629] = "crarr"; // downwards arrow with corner leftwards
- ar[8656] = "lArr"; // leftwards double arrow
- ar[8657] = "uArr"; // upwards double arrow
- ar[8658] = "rArr"; // rightwards double arrow
- ar[8659] = "dArr"; // downwards double arrow
- ar[8660] = "hArr"; // left right double arrow
- ar[8704] = "forall"; // for all
- ar[8706] = "part"; // partial differential
- ar[8707] = "exist"; // there exists
- ar[8709] = "empty"; // empty set
- ar[8711] = "nabla"; // nabla
- ar[8712] = "isin"; // element of
- ar[8713] = "notin"; // not an element of
- ar[8715] = "ni"; // contains as member
- ar[8719] = "prod"; // n-ary product
- ar[8721] = "sum"; // n-ary summation
- ar[8722] = "minus"; // minus sign
- ar[8727] = "lowast"; // asterisk operator
- ar[8730] = "radic"; // square root
- ar[8733] = "prop"; // proportional to
- ar[8734] = "infin"; // infinity
- ar[8736] = "ang"; // angle
- ar[8743] = "and"; // logical and
- ar[8744] = "or"; // logical or
- ar[8745] = "cap"; // intersection
- ar[8746] = "cup"; // union
- ar[8747] = "int"; // integral
- ar[8756] = "there4"; // therefore
- ar[8764] = "sim"; // tilde operator
- ar[8773] = "cong"; // congruent to
- ar[8776] = "asymp"; // almost equal to
- ar[8800] = "ne"; // not equal to
- ar[8801] = "equiv"; // identical toXCOMMAX equivalent to
- ar[8804] = "le"; // less-than or equal to
- ar[8805] = "ge"; // greater-than or equal to
- ar[8834] = "sub"; // subset of
- ar[8835] = "sup"; // superset of
- ar[8836] = "nsub"; // not a subset of
- ar[8838] = "sube"; // subset of or equal to
- ar[8839] = "supe"; // superset of or equal to
- ar[8853] = "oplus"; // circled plus
- ar[8855] = "otimes"; // circled times
- ar[8869] = "perp"; // up tack
- ar[8901] = "sdot"; // dot operator
- ar[8968] = "lceil"; // left ceiling
- ar[8969] = "rceil"; // right ceiling
- ar[8970] = "lfloor"; // left floor
- ar[8971] = "rfloor"; // right floor
- ar[9001] = "lang"; // left-pointing angle bracket
- ar[9002] = "rang"; // right-pointing angle bracket
- ar[9674] = "loz"; // lozenge
- ar[9824] = "spades"; // black spade suit
- ar[9827] = "clubs"; // black club suit
- ar[9829] = "hearts"; // black heart suit
- ar[9830] = "diams"; // black diamond suit
-
- return ar;
- }
-
- /**
* Build an array to store the hex string for characters to be encoded.
* If the character shouldn't be encoded, then store null.
*
@@ -462,11 +205,6 @@
{
String[] array = new String[256];
- /*
- * Initialize an array to mark which characters are to be encoded. Store the hex
- * string for that character to save time later. If the character shouldn't be
- * encoded, then store null.
- */
for (char c = 0; c < 0xFF; c++)
{
if (c >= 0x30 && c <= 0x39 || c >= 0x41 && c <= 0x5A
|| c >= 0x61 && c <= 0x7A)
Modified:
portal/branches/xss/component/common/src/main/java/org/exoplatform/commons/xml/DOMSerializer.java
===================================================================
---
portal/branches/xss/component/common/src/main/java/org/exoplatform/commons/xml/DOMSerializer.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/component/common/src/main/java/org/exoplatform/commons/xml/DOMSerializer.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -19,9 +19,9 @@
package org.exoplatform.commons.xml;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
-import org.gatein.common.text.EntityEncoder;
import org.w3c.dom.Attr;
import org.w3c.dom.CDATASection;
import org.w3c.dom.CharacterData;
@@ -30,12 +30,12 @@
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-import javax.xml.stream.FactoryConfigurationError;
+import java.io.IOException;
+import java.io.Writer;
+
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
-import java.io.IOException;
-import java.io.Writer;
/**
* An high performance and custom DOM serializer based on stax {@link XMLStreamWriter}.
@@ -173,7 +173,7 @@
for(int i = 0; i < data.length(); i++)
{
char c = data.charAt(i);
- String encodedValue = EntityEncoder.FULL.lookup(c);
+ String encodedValue = HTMLEntityEncoder.getInstance().lookupEntityName(c);
if(encodedValue == null)
{
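Review bot: `HTMLEntityEncoder.getInstance()` is now called once per character inside the `for` loop, and the HTMLEntityEncoder.java section above shows the singleton is kept in a `volatile` field, which `getInstance()` presumably reads on each call. Hoisting it keeps the loop body to the table lookup: declare `HTMLEntityEncoder encoder = HTMLEntityEncoder.getInstance();` before the loop and call `encoder.lookupEntityName(c)` inside. Since `lookupEntityName` now delegates to the inherited `lookup(c)`, it is also worth confirming that the table behind it returns the same names as `EntityEncoder.FULL` did here. The enclosing method starts and ends outside the hunk.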
Modified:
portal/branches/xss/component/common/src/test/java/org/exoplatform/commons/utils/TestHTMLEntityEncoder.java
===================================================================
---
portal/branches/xss/component/common/src/test/java/org/exoplatform/commons/utils/TestHTMLEntityEncoder.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/component/common/src/test/java/org/exoplatform/commons/utils/TestHTMLEntityEncoder.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -30,12 +30,17 @@
public void testHTMLEncoding()
{
+ assertEquals("<h1>HELLO WORLD</h1>",
htmlEncoder.encode("<h1>HELLO WORLD</h1>"));
assertEquals("<h1>HELLO WORLD</h1>",
htmlEncoder.encodeHTML("<h1>HELLO WORLD</h1>"));
+ assertEquals("alert('HELLO WORLD')",
htmlEncoder.encode("alert('HELLO WORLD')"));
assertEquals("alert('HELLO WORLD')",
htmlEncoder.encodeHTML("alert('HELLO WORLD')"));
assertEquals(
"<a
href="http://example.com/?name1=value1&name2=value2&name3=a+b">link</a>",
+ htmlEncoder.encode("<a
href=\"http://example.com/?name1=value1&name2=value2&name3=a...;
+ assertEquals(
+ "<a
href="http://example.com/?name1=value1&name2=value2&name3=a+b">link</a>",
htmlEncoder.encodeHTML("<a
href=\"http://example.com/?name1=value1&name2=value2&name3=a...;
}
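Review bot: The added assertions call `encode(String)` only with whole strings, so the new public `safeEncode(chars, off, len, writer)` entry point is never exercised with a non-zero offset or a length shorter than the array. I would add a case that encodes a sub-range of a `char[]` with markup characters on both sides of the range and asserts that nothing outside the range reaches the writer. If it is not already covered outside this hunk, a case for the attribute variant would also help, since that path uses a different immune set.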
Modified:
portal/branches/xss/component/portal/src/main/java/org/exoplatform/portal/mop/user/UserNode.java
===================================================================
---
portal/branches/xss/component/portal/src/main/java/org/exoplatform/portal/mop/user/UserNode.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/component/portal/src/main/java/org/exoplatform/portal/mop/user/UserNode.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -20,12 +20,12 @@
package org.exoplatform.portal.mop.user;
import org.exoplatform.commons.utils.ExpressionUtil;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.portal.mop.Described;
import org.exoplatform.portal.mop.Visibility;
import org.exoplatform.portal.mop.description.DescriptionService;
import org.exoplatform.portal.mop.navigation.NodeContext;
import org.exoplatform.portal.mop.navigation.NodeState;
-import org.gatein.common.text.EntityEncoder;
import java.util.Collection;
import java.util.Collections;
@@ -230,7 +230,7 @@
{
if (encodedResolvedLabel == null)
{
- encodedResolvedLabel = EntityEncoder.FULL.encode(getResolvedLabel());
+ encodedResolvedLabel =
HTMLEntityEncoder.getInstance().encode(getResolvedLabel());
}
return encodedResolvedLabel;
}
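Review bot: The getter around this assignment (its signature is outside the hunk) caches a value encoded for HTML element content, but nothing visible in the hunk tells callers that. A Javadoc line such as `Returns the resolved label encoded for HTML element content; do not encode it again and do not use it inside attributes, URLs or script.` would guard against double encoding and use in the wrong output context. It is also worth checking what `encode` does when `getResolvedLabel()` returns null, since the result is cached in `encodedResolvedLabel`.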
Modified:
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategorySelector.java
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategorySelector.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategorySelector.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,27 +1,25 @@
package org.exoplatform.applicationregistry.webui.component;
-import org.apache.shindig.gadgets.Gadget;
import org.exoplatform.application.registry.Application;
import org.exoplatform.application.registry.ApplicationCategory;
import org.exoplatform.application.registry.ApplicationRegistryService;
import org.exoplatform.applicationregistry.webui.Util;
-import org.exoplatform.commons.utils.SerializablePageList;
import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
+import org.exoplatform.commons.utils.SerializablePageList;
import org.exoplatform.webui.config.annotation.ComponentConfig;
import org.exoplatform.webui.config.annotation.EventConfig;
import org.exoplatform.webui.core.UIContainer;
import org.exoplatform.webui.core.lifecycle.UIFormLifecycle;
import org.exoplatform.webui.event.Event;
-import org.exoplatform.webui.event.EventListener;
import org.exoplatform.webui.event.Event.Phase;
+import org.exoplatform.webui.event.EventListener;
import org.exoplatform.webui.form.UIForm;
import org.exoplatform.webui.form.UIFormCheckBoxInput;
import org.exoplatform.webui.form.UIFormInputInfo;
import org.exoplatform.webui.form.UIFormInputSet;
import org.exoplatform.webui.form.UIFormPageIterator;
-import org.gatein.common.text.EntityEncoder;
-
import java.util.ArrayList;
import java.util.List;
@@ -80,7 +78,7 @@
UIFormCheckBoxInput<Boolean> checkBoxInput;
UIFormInputInfo uiInfo;
- EntityEncoder encoder = EntityEncoder.FULL;
+ HTMLEntityEncoder encoder = HTMLEntityEncoder.getInstance();
//
ApplicationRegistryService appRegService =
getApplicationComponent(ApplicationRegistryService.class);
Modified:
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/navigation/webui/TreeNode.java
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/navigation/webui/TreeNode.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/exoadmin/src/main/java/org/exoplatform/navigation/webui/TreeNode.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,5 +1,6 @@
package org.exoplatform.navigation.webui;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.portal.mop.Described.State;
import org.exoplatform.portal.mop.Visibility;
import org.exoplatform.portal.mop.navigation.NodeChangeListener;
@@ -7,7 +8,6 @@
import org.exoplatform.portal.mop.user.UserNavigation;
import org.exoplatform.portal.mop.user.UserNode;
import org.exoplatform.portal.webui.util.Util;
-import org.gatein.common.text.EntityEncoder;
import java.util.HashMap;
import java.util.LinkedList;
@@ -225,7 +225,7 @@
return node.getName();
}
- return EntityEncoder.FULL.encode(label);
+ return HTMLEntityEncoder.getInstance().encode(label);
}
}
}
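Review bot: The early `return node.getName();` at the top of this hunk hands back the raw node name while the final return encodes `label`, so the same method yields both encoded and unencoded strings. If callers treat the result as HTML-safe, as the encoded branch suggests, the fallback should be `return HTMLEntityEncoder.getInstance().encode(node.getName());`. The method's signature and the condition guarding the fallback are outside the hunk, so confirm that node names cannot carry markup characters before leaving it as is.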
Modified:
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserInfoPortlet.gtmpl
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserInfoPortlet.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserInfoPortlet.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,6 +1,7 @@
<%
import org.exoplatform.services.organization.User;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
def rcontext = _ctx.getRequestContext();
@@ -9,7 +10,7 @@
<ul class="UIUserInfoPortlet" id="$uicomponent.id">
<li class="Name">
<% if(rcontext.getRemoteUser() != null) {
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
fullName = encoder.encode(uicomponent.getUser().getFullName());
%>
<a href="$accountSetting"><%=fullName%></a>
Modified:
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarSitePortlet.gtmpl
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarSitePortlet.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarSitePortlet.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,7 +1,8 @@
<%
import org.exoplatform.web.application.JavascriptManager;
import org.exoplatform.portal.webui.util.Util ;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.portal.mop.user.UserNode;
import javax.portlet.MimeResponse;
import javax.portlet.ResourceURL;
@@ -41,7 +42,7 @@
else clazz = "";
href = nodeURL.toString();
- EntityEncoder entityEncoder = EntityEncoder.FULL;
+ EntityEncoder entityEncoder = HTMLEntityEncoder.getInstance();
label = uicomponent.getPortalLabel(portalName);
label = entityEncoder.encode(label);
print """
Modified:
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationInfo.gtmpl
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationInfo.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationInfo.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,12 +1,13 @@
<%
-import org.gatein.common.text.EntityEncoder;
+import org.gatein.common.text.EntityEncoder;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
def application = uicomponent.getApplication();
def category = uicomponent.getApplicationCategory();
String name = application.getApplicationName();
String srcBG = application.getIconURL();
String srcBGError =
"/eXoResources/skin/sharedImages/Icon80x80/DefaultPortlet.png";
-EntityEncoder encoder = EntityEncoder.FULL;
+EntityEncoder encoder = HTMLEntityEncoder.getInstance();
String categoryDisplayName = encoder.encode(category.getDisplayName());
String applicationDisplayName = encoder.encode(application.getDisplayName());
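Review bot: Only the two display names go through `encoder.encode(...)`; `name` from `application.getApplicationName()` and `srcBG` from `application.getIconURL()` are kept raw. Their use is below the hunk, but if they are written into the markup (an icon URL would normally land in a `src` attribute) they need attribute-context encoding, which the element-content `encode` used here does not necessarily provide. The same applies to the concatenated `srcBG` in UIPortletInfo.gtmpl further down. A short comment next to each raw variable saying why it is safe to emit unencoded, or an encode call where it is not, would settle it.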
Modified:
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationOrganizer.gtmpl
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationOrganizer.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationOrganizer.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,5 +1,6 @@
-<%
+<%
import org.gatein.common.text.EntityEncoder;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
def categories = uicomponent.getCategories();
def selectedCategory = uicomponent.getSelectedCategory();
def apps = uicomponent.getApplications();
@@ -29,7 +30,7 @@
cName = category.getName();
displayName =category.getDisplayName();
if(displayName == null || displayName.length() < 1 ) displayName = cName;
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
displayName = encoder.encode(displayName);
if(selectedCategory != null && cName == selectedCategory.getName()) {
isSelected = true;
Modified:
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIGadgetInfo.gtmpl
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIGadgetInfo.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIGadgetInfo.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,8 +1,9 @@
<%
import org.exoplatform.applicationregistry.webui.component.UICategorySelector;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
def gadget = uicomponent.getGadget();
boolean selectorRender = uicomponent.getChild(UICategorySelector.class).isRendered();
String srcBGError =
"/eXoResources/skin/sharedImages/Icon80x80/DefaultPortlet.png";
Modified:
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIPortletInfo.gtmpl
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIPortletInfo.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIPortletInfo.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -2,11 +2,12 @@
import java.util.Iterator;
import java.util.Map.Entry;
import org.exoplatform.applicationregistry.webui.component.UICategorySelector;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
boolean selectorRender = uicomponent.getChild(UICategorySelector.class).isRendered();
String categoryNames = uicomponent.getCategorieNames();
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
def portlet = uicomponent.getPortlet();
def portletPreferences = portlet.getPortletPreferences();
String srcBG = "/" + portlet.getPortletGroup() +
"/skin/DefaultSkin/portletIcons/" + portlet.getName() + ".png";
Modified:
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UINavigationGrid.gtmpl
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UINavigationGrid.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UINavigationGrid.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -2,6 +2,7 @@
import org.exoplatform.portal.mop.SiteKey;
import org.exoplatform.webui.organization.OrganizationUtils;
import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
import java.util.List;
@@ -13,7 +14,7 @@
<%
boolean isEvenRow = true;
SiteKey siteKey;
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
String descriptionLabel =
_ctx.appRes("UIGroupNavigationManagement.Label.Description");
String editNavigationLabel =
_ctx.appRes("UIGroupNavigationManagement.Label.EditNavigation");
String editPropertiesLabel =
_ctx.appRes("UIGroupNavigationManagement.Label.EditProperties");
Modified:
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UISiteManagement.gtmpl
===================================================================
---
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UISiteManagement.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UISiteManagement.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -4,13 +4,14 @@
import org.exoplatform.webui.form.UIForm;
import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
String[] actions = uicomponent.getActions();
uicomponent.loadPortalConfigs();
def rcontext = _ctx.getRequestContext();
def userPortalConfigService =
uicomponent.getApplicationComponent(UserPortalConfigService.class);
def defaultPortalName = userPortalConfigService.getDefaultPortal();
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
String editLayoutLabel = _ctx.appRes("UISiteManagement.label.editLayout");
String editNavigationLabel = _ctx.appRes("UISiteManagement.label.editNav");
Modified:
portal/branches/xss/portlet/web/src/main/webapp/groovy/portal/webui/component/UIBreadcumbsPortlet.gtmpl
===================================================================
---
portal/branches/xss/portlet/web/src/main/webapp/groovy/portal/webui/component/UIBreadcumbsPortlet.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/web/src/main/webapp/groovy/portal/webui/component/UIBreadcumbsPortlet.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -2,7 +2,8 @@
import java.util.List;
import org.exoplatform.portal.webui.util.Util;
import org.exoplatform.portal.application.PortalRequestContext;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.web.url.PortalURL;
import org.exoplatform.web.url.navigation.NavigationResource;
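Review bot: HTMLEntityEncoder is imported here, but this is the only hunk for UIBreadcumbsPortlet.gtmpl, so any `EntityEncoder.FULL` use further down the template stays on the old encoder. The same holds for the single import-only hunk for UIPortalNavigation.gtmpl. The rest of both templates is outside the diff, so this is inferred from the absence of a second hunk. If they do encode labels, switch them in this commit as the other templates do, `EntityEncoder encoder = HTMLEntityEncoder.getInstance();`; otherwise drop the unused import.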
Modified:
portal/branches/xss/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
===================================================================
---
portal/branches/xss/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -2,7 +2,8 @@
import org.exoplatform.portal.mop.user.UserNode;
import org.exoplatform.web.application.JavascriptManager;
import org.exoplatform.portal.webui.util.Util;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
import javax.portlet.MimeResponse;
import org.exoplatform.portal.application.PortalRequestContext;
import org.exoplatform.web.url.PortalURL;
Modified:
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl
===================================================================
---
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,9 +1,10 @@
<%
import org.gatein.common.text.EntityEncoder;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
def categories = uicomponent.getCategories();
def selectedCategory = uicomponent.getSelectedCategory();
-EntityEncoder encoder = EntityEncoder.FULL;
+EntityEncoder encoder = HTMLEntityEncoder.getInstance();
%>
<div class="UIOrganizerManagement" id="$uicomponent.id">
<div class="AppRegistryContainer">
Modified:
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/application/UIPortlet.gtmpl
===================================================================
---
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/application/UIPortlet.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/application/UIPortlet.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,7 +1,8 @@
<%
import org.exoplatform.portal.webui.workspace.UIPortalApplication;
import org.exoplatform.web.application.JavascriptManager;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
import javax.portlet.WindowState;
@@ -21,7 +22,7 @@
WindowState windowState = uicomponent.getCurrentWindowState();
String portletId = uicomponent.getId();
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
String title = encoder.encode(uicomponent.getDisplayTitle());
if(uiPortalApp.isEditing()) {
Modified:
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/page/UIWizardPageSetInfo.gtmpl
===================================================================
---
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/page/UIWizardPageSetInfo.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/web/portal/src/main/webapp/groovy/portal/webui/page/UIWizardPageSetInfo.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,7 +1,8 @@
<%
import org.exoplatform.portal.webui.navigation.UIPageNodeSelector;
import org.exoplatform.webui.core.UIComponent;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
String nodeName = "/";
boolean isNoSelecter = !uicomponent.getChild(UIPageNodeSelector.class).isRendered();
@@ -26,7 +27,7 @@
<% if(nodeName.length() > 40) {
nodeName = nodeName.substring(0,39) + "...";
}
- nodeName = EntityEncoder.FULL.encode(nodeName);
+ nodeName = HTMLEntityEncoder.getInstance().encode(nodeName);
%>
<div class="Info">$nodeName</div>
</div>
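Review bot: The order of operations before `$nodeName` is written deserves a comment: the name is cut to 39 characters first and encoded afterwards, and reversing that would let `substring` split an entity such as `&amp;` in half. I would add `// truncate first, then encode: cutting an encoded string can break an entity` above the `encode` call. The scriptlet that assigns `nodeName` opens outside this hunk.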
Modified:
portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIBreadcumbs.gtmpl
===================================================================
---
portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIBreadcumbs.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIBreadcumbs.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -2,7 +2,8 @@
import java.util.List;
import org.exoplatform.portal.webui.util.Util;
import org.exoplatform.portal.application.PortalRequestContext;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
List list = uicomponent.getPath();
def styleBread = uicomponent.getBreadcumbsStyle();
@@ -27,7 +28,7 @@
actionLink = uicomponent.event("SelectPath", localPath.getId());
else
actionLink = portalURI + localPath.getId();
- EntityEncoder entityEncoder = EntityEncoder.FULL;
+ EntityEncoder entityEncoder = HTMLEntityEncoder.getInstance();
String label = entityEncoder.encode(localPath.label)
if(i == list.size()-1) note = "Selected";
%>
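Review bot: Only the label is encoded in this block; `actionLink = portalURI + localPath.getId()` is assembled from the path id with no encoding visible in the hunk. Where `actionLink` is emitted is outside the hunk, but if it lands in an `href` attribute it needs attribute encoding at that point, for example `HTMLEntityEncoder.getInstance().encodeHTMLAttribute(actionLink)`. The block appears to run once per path element (`i == list.size()-1`), so the `HTMLEntityEncoder.getInstance()` lookup could move above the loop.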
Modified: portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl
===================================================================
---
portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -4,6 +4,7 @@
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
String[] beanFields = uicomponent.getBeanFields();
String[] beanActions = uicomponent.getBeanActions();
@@ -65,7 +66,7 @@
%>
<tr class="$rowClass">
<%
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
for (field in beanFields)
{
def fieldValue = uicomponent.getFieldValue(bean, field);
Modified:
portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl
===================================================================
---
portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -8,7 +8,8 @@
*/
%>
<%
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
String popupId = uicomponent.getId();
def rcontext = _ctx.getRequestContext();
@@ -66,7 +67,7 @@
}
}
}
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
msgValue = encoder.encode(msgValue);
println msgValue;
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -20,6 +20,7 @@
package org.exoplatform.webui.core;
import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.util.ReflectionUtil;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.config.annotation.ComponentConfig;
@@ -27,7 +28,6 @@
import org.exoplatform.webui.event.Event;
import org.exoplatform.webui.event.EventListener;
import org.exoplatform.webui.form.UIForm;
-import org.gatein.common.text.EntityEncoder;
import java.lang.reflect.Method;
import java.util.Collection;
@@ -324,7 +324,7 @@
if (escapeHTML_)
{
- fieldValue = fieldValue != null ? EntityEncoder.FULL.encode(fieldValue) :
fieldValue;
+ fieldValue = fieldValue != null ?
HTMLEntityEncoder.getInstance().encode(fieldValue) : fieldValue;
}
if (nodeIcon.equals(expandIcon))
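Review bot: The null check is folded into a self-assigning ternary inside `if (escapeHTML_)`, which reads harder than it needs to; `if (escapeHTML_ && fieldValue != null)` with a plain `fieldValue = HTMLEntityEncoder.getInstance().encode(fieldValue);` in the body says the same thing. Encoding also stays opt-in here: when `escapeHTML_` is false, this block passes the field value on unencoded. The flag's default and its setter are outside the hunk, so a comment at the field stating that callers who disable it must supply already-encoded markup would help the next reader.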
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormHiddenInput.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormHiddenInput.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormHiddenInput.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -19,8 +19,8 @@
package org.exoplatform.webui.form;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
-import org.gatein.common.text.EntityEncoder;
import java.io.Writer;
@@ -67,7 +67,7 @@
if (value != null && value.length() > 0)
{
print.write(" value='");
- value = EntityEncoder.FULL.encode(value);
+ value = HTMLEntityEncoder.getInstance().encodeHTMLAttribute(value);
print.write(value);
print.write("'");
}
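Review bot: The encoded value is written between single quotes (`print.write(" value='")`), so this is safe only if `encodeHTMLAttribute` escapes the apostrophe as well as the double quote; the encoder's implementation is not in this part of the diff. UIFormStringInput writes its `value='…'` attribute the same way. I would pin this with an apostrophe case in TestHTMLEntityEncoder, or delimit both attributes with double quotes to match UIFormSelectBox. The enclosing method starts and ends outside the hunk.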
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputInfo.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputInfo.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputInfo.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -19,9 +19,9 @@
package org.exoplatform.webui.form;
+import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
-import org.exoplatform.commons.serialization.api.annotations.Serialized;
-import org.gatein.common.text.EntityEncoder;
import java.io.Writer;
@@ -56,7 +56,7 @@
String value = getValue();
if (value != null)
{
- value = EntityEncoder.FULL.encode(value);
+ value = HTMLEntityEncoder.getInstance().encode(value);
w.write(value);
}
w.write("</span>");
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormSelectBox.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormSelectBox.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormSelectBox.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -19,11 +19,11 @@
package org.exoplatform.webui.form;
+import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
-import org.exoplatform.commons.serialization.api.annotations.Serialized;
import org.exoplatform.webui.core.UIComponent;
import org.exoplatform.webui.core.model.SelectItemOption;
-import org.gatein.common.text.EntityEncoder;
import java.io.Writer;
import java.util.ArrayList;
@@ -256,7 +256,7 @@
}
String value = item.getValue();
- value = EntityEncoder.FULL.encode(value);
+ value = HTMLEntityEncoder.getInstance().encodeHTMLAttribute(value);
if (item.isSelected())
{
w.write("<option selected=\"selected\"
value=\"");
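Review bot: `item.getValue()` is handed to `encodeHTMLAttribute` without a null check, while other call sites in this commit (UIFormInputInfo, UIFormTextAreaInput, UIFormHiddenInput) test `value != null` first. Whether the encoder tolerates null is not visible here, so I would guard it the same way, `if (value != null) value = HTMLEntityEncoder.getInstance().encodeHTMLAttribute(value);`, and decide what an option without a value should write. The option label emitted after the value is outside the hunk; it needs `encode` for the element body if it is not already covered.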
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -19,9 +19,9 @@
package org.exoplatform.webui.form;
+import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
-import org.exoplatform.commons.serialization.api.annotations.Serialized;
-import org.gatein.common.text.EntityEncoder;
import java.io.Writer;
@@ -115,7 +115,7 @@
w.write('\'');
if (value != null && value.length() > 0)
{
- value = EntityEncoder.FULL.encode(value);
+ value = HTMLEntityEncoder.getInstance().encodeHTMLAttribute(value);
w.write(" value='");
w.write(value);
w.write('\'');
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -19,9 +19,9 @@
package org.exoplatform.webui.form;
+import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
-import org.exoplatform.commons.serialization.api.annotations.Serialized;
-import org.gatein.common.text.EntityEncoder;
import java.io.Writer;
@@ -73,7 +73,7 @@
w.write(">");
if (value != null)
{
- value = EntityEncoder.FULL.encode(value);
+ value = HTMLEntityEncoder.getInstance().encode(value);
w.write(value);
}
w.write("</textarea>");
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormColorPicker.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormColorPicker.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormColorPicker.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -19,12 +19,12 @@
package org.exoplatform.webui.form.ext;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.form.UIForm;
import org.exoplatform.webui.form.UIFormInput;
import org.exoplatform.webui.form.UIFormInputBase;
import org.exoplatform.webui.form.ext.UIFormColorPicker.Colors.Color;
-import org.gatein.common.text.EntityEncoder;
import java.io.Writer;
import java.util.HashMap;
@@ -200,7 +200,7 @@
String value = getValue();
if (value != null)
{
- value = EntityEncoder.FULL.encode(value);
+ value = HTMLEntityEncoder.getInstance().encode(value);
}
Writer w = context.getWriter();
w.write("<div class='UIFormColorPicker'>");
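Review bot: `value` is encoded with `encode`, the element-body method, although the other form inputs in this commit use `encodeHTMLAttribute` when the value goes into a `value` attribute. Where `value` is written is outside this hunk, as it is in the UIFormComboBox hunk that makes the same change. If either ends up inside a quoted attribute, use `value = HTMLEntityEncoder.getInstance().encodeHTMLAttribute(value);` there. How the two methods differ is defined in HTMLEntityEncoder.java, which is not in this section of the diff.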
Modified:
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormComboBox.java
===================================================================
---
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormComboBox.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormComboBox.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -19,11 +19,11 @@
package org.exoplatform.webui.form.ext;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.core.model.SelectItemOption;
import org.exoplatform.webui.form.UIForm;
import org.exoplatform.webui.form.UIFormInputBase;
-import org.gatein.common.text.EntityEncoder;
import java.io.Writer;
import java.util.HashMap;
@@ -198,7 +198,7 @@
String value = getValue();
if (value != null)
{
- value = EntityEncoder.FULL.encode(value);
+ value = HTMLEntityEncoder.getInstance().encode(value);
}
text += "<input type='hidden' name='" + getName() +
"' id='" + getId() + "'";
if (value_ != null && value_.trim().length() > 0)
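Review bot: The encoded copy lives in the local `value`, but the condition right after the `<input type='hidden'` line tests the raw field `value_`. The branch body is outside the hunk; if it appends `value_` rather than `value`, the encoding above never reaches the page. `getName()` and `getId()` are also concatenated into single-quoted attributes unencoded, which is acceptable only if both are fixed by the developer rather than derived from user data.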
Modified:
portal/branches/xss/webui/dashboard/src/main/resources/groovy/dashboard/webui/component/UIDashboardSelectContainer.gtmpl
===================================================================
---
portal/branches/xss/webui/dashboard/src/main/resources/groovy/dashboard/webui/component/UIDashboardSelectContainer.gtmpl 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/webui/dashboard/src/main/resources/groovy/dashboard/webui/component/UIDashboardSelectContainer.gtmpl 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,5 +1,6 @@
<%
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
def uiDashboard =
uicomponent.getAncestorOfType(org.exoplatform.dashboard.webui.component.UIDashboard.class);
if(!uiDashboard.canEdit()) return;
@@ -8,7 +9,7 @@
def rcontext = _ctx.getRequestContext();
rcontext.getJavascriptManager().addJavascript("eXo.webui.UIDashboard.initPopup('"+uiPopup.getId()+"');");
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
%>
<div class="$uicomponent.id" id="UIDashboardSelectContainer"
style="display: <%= uiDashboard.isShowSelectPopup()? "block" :
"none"; %>;">
<div class="DashboardItemContainer ItemContainer">
Modified:
portal/branches/xss/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java
===================================================================
---
portal/branches/xss/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java 2011-09-30
08:08:49 UTC (rev 7571)
+++
portal/branches/xss/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java 2011-09-30
08:45:51 UTC (rev 7572)
@@ -1,10 +1,10 @@
package org.exoplatform.webui.organization;
-import java.io.Serializable;
-
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.services.organization.Group;
-import org.gatein.common.text.EntityEncoder;
+import java.io.Serializable;
+
public class UIGroup implements Serializable {
private Group group;
@@ -16,8 +16,7 @@
public String getEncodedLabel()
{
- EntityEncoder encoder = EntityEncoder.FULL;
- return encoder.encode(getLabel());
+ return HTMLEntityEncoder.getInstance().encode(getLabel());
}
public String getLabel()