Author: trong.tran
Date: 2011-10-03 06:18:22 -0400 (Mon, 03 Oct 2011)
New Revision: 7598
Added:
portal/trunk/component/common/src/main/java/org/exoplatform/commons/utils/HTMLEntityEncoder.java
portal/trunk/component/common/src/test/java/org/exoplatform/commons/utils/TestHTMLEntityEncoder.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/validator/NotHTMLTagValidator.java
Modified:
portal/trunk/
portal/trunk/component/common/src/main/java/org/exoplatform/commons/xml/DOMSerializer.java
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/mop/user/UserNode.java
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/pom/config/Utils.java
portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/TestEscape.java
portal/trunk/component/web/server/src/main/java/org/exoplatform/upload/UploadService.java
portal/trunk/component/web/server/src/main/java/org/exoplatform/web/handler/UploadHandler.java
portal/trunk/gadgets/eXoGadgets/src/main/webapp/gadgets/rssAggregator/script.js
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIApplicationForm.java
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategorySelector.java
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIGadgetEditor.java
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/navigation/webui/TreeNode.java
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserInfoPortlet.gtmpl
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarSitePortlet.gtmpl
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationInfo.gtmpl
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationOrganizer.gtmpl
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIGadgetInfo.gtmpl
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIPortletInfo.gtmpl
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UINavigationGrid.gtmpl
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UISiteManagement.gtmpl
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIBreadcumbsPortlet.gtmpl
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
portal/trunk/web/eXoResources/src/main/webapp/WEB-INF/gatein-resources.xml
portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/core/HTMLUtil.js
portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/portal/PortalHttpRequest.js
portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/webui/UIUpload.js
portal/trunk/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties
portal/trunk/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_vi.properties
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIPortlet.gtmpl
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/page/UIWizardPageSetInfo.gtmpl
portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIBreadcumbs.gtmpl
portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl
portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormDateTimeInput.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormHiddenInput.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputBase.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputInfo.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormSelectBox.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormWYSIWYGInput.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormColorPicker.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormComboBox.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormInputSetWithAction.java
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/validator/ExpressionValidator.java
portal/trunk/webui/dashboard/src/main/resources/groovy/dashboard/webui/component/UIDashboardSelectContainer.gtmpl
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroupMembershipSelector.java
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroupSelector.java
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/account/UIGroupSelector.java
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/page/UIPageBrowser.java
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/page/UIPageSearchForm.java
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalForm.java
Log:
Merge XSS branch into GateIn trunk
Property changes on: portal/trunk
___________________________________________________________________
Modified: svn:mergeinfo
- /epp/portal/branches/EPP_5_1_Branch:6841
/portal/branches/branch-GTNPORTAL-1790:5864-5919
/portal/branches/branch-GTNPORTAL-1822:5938-5991
/portal/branches/branch-GTNPORTAL-1832:5993-6105
/portal/branches/branch-GTNPORTAL-1872:6327-6594
/portal/branches/branch-GTNPORTAL-1921:6597-6803
/portal/branches/branch-GTNPORTAL-1963:6902-6986
/portal/branches/decoupled-webos:6214-6243
/portal/branches/dom:7272-7349
/portal/branches/gatein-management:6920-6958
/portal/branches/global-portlet-metadata:6298-6384
/portal/branches/site-describability:6171-6235
/portal/branches/wsrp-extraction:5828-6031
+ /epp/portal/branches/EPP_5_1_Branch:6841
/portal/branches/branch-GTNPORTAL-1790:5864-5919
/portal/branches/branch-GTNPORTAL-1822:5938-5991
/portal/branches/branch-GTNPORTAL-1832:5993-6105
/portal/branches/branch-GTNPORTAL-1872:6327-6594
/portal/branches/branch-GTNPORTAL-1921:6597-6803
/portal/branches/branch-GTNPORTAL-1963:6902-6986
/portal/branches/decoupled-webos:6214-6243
/portal/branches/dom:7272-7349
/portal/branches/gatein-management:6920-6958
/portal/branches/global-portlet-metadata:6298-6384
/portal/branches/site-describability:6171-6235
/portal/branches/wsrp-extraction:5828-6031
/portal/branches/xss:7377-7595,7597
/portal/branches/xss-issues:7350-7351,7358
Copied:
portal/trunk/component/common/src/main/java/org/exoplatform/commons/utils/HTMLEntityEncoder.java
(from rev 7595,
portal/branches/xss/component/common/src/main/java/org/exoplatform/commons/utils/HTMLEntityEncoder.java)
===================================================================
---
portal/trunk/component/common/src/main/java/org/exoplatform/commons/utils/HTMLEntityEncoder.java
(rev 0)
+++
portal/trunk/component/common/src/main/java/org/exoplatform/commons/utils/HTMLEntityEncoder.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -0,0 +1,222 @@
+/*
+ * Copyright (C) 2011 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils;
+
+import org.gatein.common.io.WriterCharWriter;
+import org.gatein.common.text.CharWriter;
+import org.gatein.common.text.EncodingException;
+import org.gatein.common.text.EntityEncoder;
+import org.gatein.common.util.ParameterValidation;
+
+import java.io.StringWriter;
+import java.io.Writer;
+
+/**
+ * This encoder provides a few methods to encode the String to its HTML entity
representation.
+ *
+ * @author <a href="trongtt(a)gmail.com">Trong Tran</a>
+ * @version $Revision$
+ */
+public class HTMLEntityEncoder extends EntityEncoder
+{
+ private static volatile HTMLEntityEncoder singletonInstance;
+
+ public static HTMLEntityEncoder getInstance()
+ {
+ if (singletonInstance == null)
+ {
+ synchronized (HTMLEntityEncoder.class)
+ {
+ if (singletonInstance == null)
+ {
+ singletonInstance = new HTMLEntityEncoder();
+ }
+ }
+ }
+ return singletonInstance;
+ }
+
+ /** . */
+ private final String[] hexToEntity = buildHexEntityNumberArray();
+
+ /**
+ * Character set that are immune from encoding in HTML
+ */
+ private static final char[] IMMUNE_HTML = { ',', '.', '-',
'_', ' ' };
+
+ /**
+ * Character set that are immune from encoding in HTML Attribute
+ */
+ private static final char[] IMMUNE_HTMLATTR = { ',', '.', '-',
'_' };
+
+ /**
+ * Encode data for use in HTML
+ *
+ * @param input the string to encode for HTML
+ * @return input encoded for HTML
+ */
+ public String encodeHTML(String input)
+ {
+ return encode(input, IMMUNE_HTML);
+ }
+
+ /**
+ * Encode data for use in HTML attributes.
+ *
+ * @param input the string to encode for a HTML attribute
+ * @return input encoded for use as value of a HTML attribute
+ */
+ public String encodeHTMLAttribute(String input)
+ {
+ return encode(input, IMMUNE_HTMLATTR);
+ }
+
+ @Override
+ public void safeEncode(char[] chars, int off, int len, CharWriter writer) throws
EncodingException
+ {
+ safeEncode(chars, off, len, writer, IMMUNE_HTML);
+ }
+
+ /**
+ * @param chars the array to encode
+ * @param off the offset in the chars array
+ * @param len the length of chars to encode
+ * @param writer the writer to use
+ * @param immune the characters array are immune from encoding
+ * @throws EncodingException
+ */
+ private void safeEncode(char[] chars, int off, int len, CharWriter writer, char[]
immune) throws EncodingException
+ {
+
+ // The index of the last copied char
+ int previous = off;
+
+ //
+ int to = off + len;
+
+ // Perform lookup char by char
+ for (int current = off; current < to; current++)
+ {
+ char c = chars[current];
+
+ // Lookup
+ if (isImmutable(immune, c))
+ {
+ continue;
+ }
+
+ String replacement;
+
+ String hex;
+
+ // Do we have a replacement
+ if ((replacement = lookupEntityName(c)) != null)
+ {
+ // We lazy create the result
+
+ // Append the previous chars if any
+ writer.append(chars, previous, current - previous);
+
+ // Append the replaced entity
+ writer.append('&').append(replacement).append(';');
+
+ // Update the previous pointer
+ previous = current + 1;
+ }
+ else if ((hex = lookupHexEntityNumber(c)) != null)
+ {
+ // We lazy create the result
+
+ // Append the previous chars if any
+ writer.append(chars, previous, current - previous);
+
+ // Append the replaced entity
+ writer.append("&#x").append(hex).append(';');
+
+ // Update the previous pointer
+ previous = current + 1;
+ }
+ }
+
+ //
+ writer.append(chars, previous, chars.length - previous);
+ }
+
+ public final String lookupEntityName(char c)
+ {
+ return lookup(c);
+ }
+
+ public final String lookupHexEntityNumber(char c)
+ {
+ if (c < 0xFF)
+ {
+ return hexToEntity[c];
+ }
+
+ return Integer.toHexString(c);
+ }
+
+ private boolean isImmutable(char[] array, char c)
+ {
+ for (char ch : array)
+ {
+ if (c == ch)
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private String encode(String input, char[] immutable)
+ {
+ ParameterValidation.throwIllegalArgExceptionIfNull(input, "String");
+
+ Writer sw = new StringWriter();
+ CharWriter charWriter = new WriterCharWriter(sw);
+ safeEncode(input.toCharArray(), 0, input.length(), charWriter, immutable);
+ return sw.toString();
+ }
+
+ /**
+ * Build an array to store the hex string for characters to be encoded.
+ * If the character shouldn't be encoded, then store null.
+ *
+ * @return An array containing characters in hex string that are to be encoded.
+ */
+ private String[] buildHexEntityNumberArray()
+ {
+ String[] array = new String[256];
+
+ for (char c = 0; c < 0xFF; c++)
+ {
+ if (c >= 0x30 && c <= 0x39 || c >= 0x41 && c <= 0x5A
|| c >= 0x61 && c <= 0x7A)
+ {
+ array[c] = null;
+ }
+ else
+ {
+ array[c] = Integer.toHexString(c);
+ }
+ }
+
+ return array;
+ }
+}
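Review bot: The trailing copy in the private `safeEncode(char[], int, int, CharWriter, char[])` uses the whole array length, `writer.append(chars, previous, chars.length - previous);`, instead of the requested range, so a call with `off > 0` or `off + len < chars.length` emits characters outside the range (or fails in the writer); it should read `writer.append(chars, previous, to - previous);`. The private caller `encode(String, char[])` always passes the full array, which is presumably why the tests do not catch it, but the public `safeEncode` override is part of the `EntityEncoder` contract and may be invoked with sub-ranges. Separately, `lookupHexEntityNumber` falls back to `Integer.toHexString` for every character >= 0xFF, so all non-Latin-1 text (e.g. the Vietnamese labels this commit also touches) is emitted as `&#x..;` references — safe, but a comment should state that this is intentional. The named-entity table consulted by `lookupEntityName` comes from the `EntityEncoder` default constructor and is not visible here.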
Modified:
portal/trunk/component/common/src/main/java/org/exoplatform/commons/xml/DOMSerializer.java
===================================================================
---
portal/trunk/component/common/src/main/java/org/exoplatform/commons/xml/DOMSerializer.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/component/common/src/main/java/org/exoplatform/commons/xml/DOMSerializer.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,9 +19,9 @@
package org.exoplatform.commons.xml;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
-import org.gatein.common.text.EntityEncoder;
import org.w3c.dom.Attr;
import org.w3c.dom.CDATASection;
import org.w3c.dom.CharacterData;
@@ -30,12 +30,12 @@
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-import javax.xml.stream.FactoryConfigurationError;
+import java.io.IOException;
+import java.io.Writer;
+
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
-import java.io.IOException;
-import java.io.Writer;
/**
* An high performance and custom DOM serializer based on stax {@link XMLStreamWriter}.
@@ -173,7 +173,7 @@
for(int i = 0; i < data.length(); i++)
{
char c = data.charAt(i);
- String encodedValue = EntityEncoder.FULL.lookup(c);
+ String encodedValue = HTMLEntityEncoder.getInstance().lookupEntityName(c);
if(encodedValue == null)
{
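Review bot: Replacing `EntityEncoder.FULL.lookup(c)` with `HTMLEntityEncoder.getInstance().lookupEntityName(c)` changes which named-entity table an XML serializer consults, and `lookupEntityName` merely delegates to the superclass `lookup`, whose default table is not visible here. If that table yields HTML names such as `&eacute;` or `&nbsp;`, the output is not well-formed XML unless the consumer is HTML or a DTD declares them — XML predefines only `lt`, `gt`, `amp`, `quot` and `apos` — so this deserves a test on a non-ASCII string. Also hoist the lookup out of the per-character loop with `HTMLEntityEncoder encoder = HTMLEntityEncoder.getInstance();` before the `for`, rather than resolving the singleton on every character. The enclosing method starts and ends outside the hunk.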
Copied:
portal/trunk/component/common/src/test/java/org/exoplatform/commons/utils/TestHTMLEntityEncoder.java
(from rev 7595,
portal/branches/xss/component/common/src/test/java/org/exoplatform/commons/utils/TestHTMLEntityEncoder.java)
===================================================================
---
portal/trunk/component/common/src/test/java/org/exoplatform/commons/utils/TestHTMLEntityEncoder.java
(rev 0)
+++
portal/trunk/component/common/src/test/java/org/exoplatform/commons/utils/TestHTMLEntityEncoder.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -0,0 +1,57 @@
+/**
+ * Copyright (C) 2011 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.exoplatform.commons.utils;
+
+import junit.framework.TestCase;
+
+/**
+ * @author <a href="trongtt(a)gmail.com">Trong Tran</a>
+ * @version $Revision$
+ */
+public class TestHTMLEntityEncoder extends TestCase
+{
+ private HTMLEntityEncoder htmlEncoder = HTMLEntityEncoder.getInstance();
+
+ public void testHTMLEncoding()
+ {
+ assertEquals("<h1>HELLO WORLD</h1>",
htmlEncoder.encode("<h1>HELLO WORLD</h1>"));
+ assertEquals("<h1>HELLO WORLD</h1>",
htmlEncoder.encodeHTML("<h1>HELLO WORLD</h1>"));
+
+ assertEquals("alert('HELLO WORLD')",
htmlEncoder.encode("alert('HELLO WORLD')"));
+ assertEquals("alert('HELLO WORLD')",
htmlEncoder.encodeHTML("alert('HELLO WORLD')"));
+
+ assertEquals(
+ "<a
href="http://example.com/?name1=value1&name2=value2&name3=a+b">link</a>",
+ htmlEncoder.encode("<a
href=\"http://example.com/?name1=value1&name2=value2&name3=a...;
+ assertEquals(
+ "<a
href="http://example.com/?name1=value1&name2=value2&name3=a+b">link</a>",
+ htmlEncoder.encodeHTML("<a
href=\"http://example.com/?name1=value1&name2=value2&name3=a...;
+ }
+
+ public void testHTMLAttributeEncoding()
+ {
+
assertEquals("<h1>HELLO WORLD</h1>",
htmlEncoder.encodeHTMLAttribute("<h1>HELLO WORLD</h1>"));
+
+
assertEquals("alert('HELLO WORLD')",
htmlEncoder.encodeHTMLAttribute("alert('HELLO WORLD')"));
+
+ assertEquals(
+
"<a href="http://example.com/?name1=value1&name2=value2&name3=a+b">link</a>",
+ htmlEncoder.encodeHTMLAttribute("<a
href=\"http://example.com/?name1=value1&name2=value2&name3=a...;
+ }
+}
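Review bot: The tests exercise only `encode`/`encodeHTML`/`encodeHTMLAttribute` on whole strings, so the range arithmetic in `safeEncode(char[], int, int, CharWriter)` is never checked with a non-zero offset or a length shorter than the array; add a case that encodes `"x<y>z".toCharArray()` with `off = 1, len = 3` into a `WriterCharWriter` over a `StringWriter` and asserts the writer received exactly `&lt;y&gt;`. There is also no case for a character above 0xFF, nor one that feeds a value containing a space to the attribute encoder, which is the one character where the two immune sets differ. As rendered here the expected strings read identically to the inputs and the last `encodeHTML` input is truncated at `a...` — presumably the `&lt;`/`&gt;` escapes were lost in rendering, so verify the committed expectations against the encoder's actual output.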
Modified:
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/mop/user/UserNode.java
===================================================================
---
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/mop/user/UserNode.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/mop/user/UserNode.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -20,12 +20,12 @@
package org.exoplatform.portal.mop.user;
import org.exoplatform.commons.utils.ExpressionUtil;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.portal.mop.Described;
import org.exoplatform.portal.mop.Visibility;
import org.exoplatform.portal.mop.description.DescriptionService;
import org.exoplatform.portal.mop.navigation.NodeContext;
import org.exoplatform.portal.mop.navigation.NodeState;
-import org.gatein.common.text.EntityEncoder;
import java.util.Collection;
import java.util.Collections;
@@ -230,7 +230,7 @@
{
if (encodedResolvedLabel == null)
{
- encodedResolvedLabel = EntityEncoder.FULL.encode(getResolvedLabel());
+ encodedResolvedLabel =
HTMLEntityEncoder.getInstance().encode(getResolvedLabel());
}
return encodedResolvedLabel;
}
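Review bot: The cached label uses the inherited `encode(String)` rather than the new `encodeHTML`/`encodeHTMLAttribute`, so the immune set applied depends on the `safeEncode` override (`IMMUNE_HTML`, which leaves spaces unencoded); that is correct for element content, but if any template places `getEncodedResolvedLabel()` inside an unquoted attribute the attribute variant is needed. Calling `HTMLEntityEncoder.getInstance().encodeHTML(getResolvedLabel())` here would make the intended context explicit. The lazy cache is unsynchronized; a race only recomputes the same value, which is benign and worth a one-line comment. The getter's signature is outside the hunk.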
Modified:
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/pom/config/Utils.java
===================================================================
---
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/pom/config/Utils.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/pom/config/Utils.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -184,6 +184,23 @@
*/
public static String queryEscape(String s)
{
- return s.replaceAll("[\\\\%_'\"]", "\\\\$0");
+ StringBuilder buffer = new StringBuilder();
+ for (int i = 0; i < s.length(); i++)
+ {
+ char ch = s.charAt(i);
+ if (ch == '%' || ch == '"' || ch == '_' || ch ==
'\\')
+ {
+ buffer.append('\\').append(ch);
+ }
+ else if (ch == '\'')
+ {
+ buffer.append("''");
+ }
+ else
+ {
+ buffer.append(ch);
+ }
+ }
+ return buffer.toString();
}
}
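Review bot: The new loop doubles `'` but keeps the backslash prefix for `%`, `_`, `"` and `\`, which mixes two conventions: quote-doubling is how SQL-style string literals escape quotes, while `\%`/`\_` only mean anything inside a LIKE pattern whose escape character is `\`. If the result is ever interpolated into a literal outside a LIKE clause the backslash presumably reaches the query verbatim, so the Javadoc above the method (its start is outside the hunk) should name the target grammar and the clause the value is meant for. Escaping is a last line of defence here — where the query API offers bound values, prefer those over string concatenation. Minor: `new StringBuilder(s.length() + 8)` avoids regrowth, and a `null` argument still throws `NullPointerException` as the old `replaceAll` did, which the Javadoc should state.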
Modified:
portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/TestEscape.java
===================================================================
---
portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/TestEscape.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/TestEscape.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -32,7 +32,7 @@
public void testQueryEscape()
{
assertEquals("\\%", Utils.queryEscape("%"));
- assertEquals("\\'", Utils.queryEscape("'"));
+ assertEquals("''", Utils.queryEscape("'"));
assertEquals("\\\"", Utils.queryEscape("\""));
assertEquals("\\_", Utils.queryEscape("_"));
assertEquals("\\\\", Utils.queryEscape("\\"));
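Review bot: The updated assertion pins only single-character inputs, so the interaction of the two escape conventions in `queryEscape` is never exercised; add `assertEquals("a''b\\%c\\\\d", Utils.queryEscape("a'b%c\\d"));` and `assertEquals("", Utils.queryEscape(""));` so a regression in either branch of the new loop is caught. The test method begins inside the hunk but the class header is outside it.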
Modified:
portal/trunk/component/web/server/src/main/java/org/exoplatform/upload/UploadService.java
===================================================================
---
portal/trunk/component/web/server/src/main/java/org/exoplatform/upload/UploadService.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/component/web/server/src/main/java/org/exoplatform/upload/UploadService.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -42,6 +42,7 @@
import org.exoplatform.container.xml.PortalContainerInfo;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
+import org.gatein.common.text.EntityEncoder;
public class UploadService
{
@@ -85,7 +86,6 @@
* the webapp's {@link javax.servlet.http.HttpServletRequest}
* @throws FileUploadException
*/
- @SuppressWarnings("unchecked")
public void createUploadResource(HttpServletRequest request) throws
FileUploadException
{
String uploadId = request.getParameter("uploadId");
@@ -122,8 +122,10 @@
if (fileName == null)
fileName = uploadId;
fileName = fileName.substring(fileName.lastIndexOf('\\') + 1);
+ fileName = EntityEncoder.FULL.encode(fileName);
String storeLocation = uploadLocation_ + "/" + uploadId + "." +
fileName;
+
// commons-fileupload will store the temp file with name *.tmp
// we need to rename it to our desired name
fileItem.getStoreLocation().renameTo(new File(storeLocation));
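Review bot: HTML-entity encoding is the wrong transformation for a filesystem path: `fileName = EntityEncoder.FULL.encode(fileName);` neutralises `<` and `&` for a later HTML render but presumably leaves `/` and `..` intact, and the preceding `lastIndexOf('\\')` strips only Windows separators, so a client-supplied name containing `/` still reaches `storeLocation`; combined with `uploadId`, which the previous hunk reads straight from `request.getParameter("uploadId")` and which is not validated here either (e.g. `.`), the resulting path can leave `uploadLocation_`. Sanitise the name for storage, e.g. `fileName = fileName.substring(Math.max(fileName.lastIndexOf('\\'), fileName.lastIndexOf('/')) + 1).replaceAll("[^A-Za-z0-9._-]", "_");`, restrict `uploadId` to the same character class, and apply HTML encoding at the point of output rather than storing an entity-encoded name, which invites double-encoding. The `renameTo` return value is still ignored, the hunk header counts one more context line than is shown, and the enclosing method starts outside the hunk.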
Modified:
portal/trunk/component/web/server/src/main/java/org/exoplatform/web/handler/UploadHandler.java
===================================================================
---
portal/trunk/component/web/server/src/main/java/org/exoplatform/web/handler/UploadHandler.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/component/web/server/src/main/java/org/exoplatform/web/handler/UploadHandler.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -27,6 +27,7 @@
import org.exoplatform.web.ControllerContext;
import org.exoplatform.web.WebAppController;
import org.exoplatform.web.WebRequestHandler;
+import org.gatein.common.text.EntityEncoder;
import java.io.Writer;
import java.net.URLEncoder;
@@ -86,7 +87,6 @@
continue;
if (upResource.getStatus() == UploadResource.FAILED_STATUS)
{
-
int limitMB = service.getUploadLimitsMB().get(uploadIds[i]).intValue();
value.append("\n
\"").append(uploadIds[i]).append("\": {");
value.append("\n
\"status\":").append('\"').append("failed").append("\",");
Modified: portal/trunk/gadgets/eXoGadgets/src/main/webapp/gadgets/rssAggregator/script.js
===================================================================
---
portal/trunk/gadgets/eXoGadgets/src/main/webapp/gadgets/rssAggregator/script.js 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/gadgets/eXoGadgets/src/main/webapp/gadgets/rssAggregator/script.js 2011-10-03
10:18:22 UTC (rev 7598)
@@ -49,7 +49,7 @@
RssAggregator.prototype.renderFeed = function(feedObj) {
if(feedObj.rc != 200 && feedObj.data == undefined) {
- document.write("the url: " + feedurl + " is down or invalid");
+ document.write("the url: " + gadgets.util.escapeString(feedurl) + " is
down or invalid");
return;
}
this.feed = feedObj.data;
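Review bot: The guard `if(feedObj.rc != 200 && feedObj.data == undefined)` only reports an error when both conditions hold, so a 200 response without `data` (or a non-200 with stale `data`) falls through to `this.feed = feedObj.data;` and the rendering code below presumably dereferences `undefined`; `||` looks like the intended operator. `gadgets.util.escapeString(feedurl)` is the right fix for the message, but `feedurl` is a free variable here, so confirm it is the value that was actually fetched rather than a mutable global that could have changed. The function continues past the hunk.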
@@ -104,7 +104,7 @@
}
}
} else {
- document.write("No feed found at " + feedurl);
+ document.write("No feed found at " +
gadgets.util.escapeString(feedurl));
}
gadgets.window.adjustHeight();
}
Modified:
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIApplicationForm.java
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIApplicationForm.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIApplicationForm.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -22,22 +22,20 @@
import org.exoplatform.application.registry.Application;
import org.exoplatform.application.registry.ApplicationCategory;
import org.exoplatform.application.registry.ApplicationRegistryService;
-import org.exoplatform.portal.application.PortalRequestContext;
-import org.exoplatform.portal.webui.portal.UIPortal;
+import org.exoplatform.commons.serialization.api.annotations.Serialized;
import org.exoplatform.web.application.ApplicationMessage;
import org.exoplatform.webui.application.WebuiRequestContext;
-import org.exoplatform.commons.serialization.api.annotations.Serialized;
import org.exoplatform.webui.config.annotation.ComponentConfig;
import org.exoplatform.webui.config.annotation.EventConfig;
import org.exoplatform.webui.core.UIApplication;
import org.exoplatform.webui.core.lifecycle.UIFormLifecycle;
import org.exoplatform.webui.event.Event;
-import org.exoplatform.webui.event.EventListener;
-import org.exoplatform.webui.event.MonitorEvent;
import org.exoplatform.webui.event.Event.Phase;
+import org.exoplatform.webui.event.EventListener;
import org.exoplatform.webui.form.UIForm;
import org.exoplatform.webui.form.UIFormStringInput;
import org.exoplatform.webui.form.UIFormTextAreaInput;
+import org.exoplatform.webui.form.validator.NotHTMLTagValidator;
import org.exoplatform.webui.form.validator.MandatoryValidator;
import org.exoplatform.webui.form.validator.NameValidator;
import org.exoplatform.webui.form.validator.StringLengthValidator;
@@ -56,7 +54,7 @@
@Serialized
public class UIApplicationForm extends UIForm
{
-
+
private Application application_;
public UIApplicationForm() throws Exception
@@ -64,9 +62,10 @@
addUIFormInput(new UIFormStringInput("applicationName",
"applicationName", null).addValidator(
MandatoryValidator.class).addValidator(StringLengthValidator.class, 3,
30).addValidator(NameValidator.class));
addUIFormInput(new UIFormStringInput("displayName",
"displayName", null).addValidator(
- StringLengthValidator.class, 3, 30));
- addUIFormInput(new UIFormTextAreaInput("description",
"description", null).addValidator(
- StringLengthValidator.class, 0, 255));
+ StringLengthValidator.class, 3, 30).addValidator(NotHTMLTagValidator.class));
+ addUIFormInput(new UIFormTextAreaInput("description",
"description", null)
+ .addValidator(StringLengthValidator.class, 0, 255)
+ .addValidator(NotHTMLTagValidator.class));
}
public void setValues(Application app) throws Exception
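Review bot: `NotHTMLTagValidator` on `displayName` and `description` is input-side blacklisting; its pattern is not visible here, but if it only rejects `<...>` sequences then values containing `"`, `'` or `&` are still accepted, so every template that prints these fields (e.g. the `UIApplicationInfo.gtmpl` touched by this commit) must still encode on output, and a comment such as `// defence-in-depth only: output templates must still HTML-encode these values` belongs next to the validators. Also note the asymmetry with `applicationName`, which gets `NameValidator` and no `NotHTMLTagValidator` — fine if `NameValidator`'s character class already excludes `<`, which should be stated. The constructor ends inside the hunk; `setValues` begins on its last line and continues outside.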
Modified:
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -22,9 +22,9 @@
import org.exoplatform.application.registry.Application;
import org.exoplatform.application.registry.ApplicationCategory;
import org.exoplatform.application.registry.ApplicationRegistryService;
+import org.exoplatform.commons.serialization.api.annotations.Serialized;
import org.exoplatform.web.application.ApplicationMessage;
import org.exoplatform.webui.application.WebuiRequestContext;
-import org.exoplatform.commons.serialization.api.annotations.Serialized;
import org.exoplatform.webui.config.annotation.ComponentConfig;
import org.exoplatform.webui.config.annotation.EventConfig;
import org.exoplatform.webui.core.UIApplication;
@@ -36,6 +36,7 @@
import org.exoplatform.webui.form.UIFormStringInput;
import org.exoplatform.webui.form.UIFormTabPane;
import org.exoplatform.webui.form.UIFormTextAreaInput;
+import org.exoplatform.webui.form.validator.NotHTMLTagValidator;
import org.exoplatform.webui.form.validator.IdentifierValidator;
import org.exoplatform.webui.form.validator.MandatoryValidator;
import org.exoplatform.webui.form.validator.StringLengthValidator;
@@ -74,7 +75,7 @@
MandatoryValidator.class).addValidator(StringLengthValidator.class, 3,
30).addValidator(
IdentifierValidator.class));
uiCategorySetting.addUIFormInput(new UIFormStringInput(FIELD_DISPLAY_NAME,
FIELD_DISPLAY_NAME, null)
- .addValidator(StringLengthValidator.class, 3, 30));
+ .addValidator(StringLengthValidator.class, 3,
30).addValidator(NotHTMLTagValidator.class));
uiCategorySetting.addUIFormInput(new UIFormTextAreaInput(FIELD_DESCRIPTION,
FIELD_DESCRIPTION, null)
.addValidator(StringLengthValidator.class, 0, 255));
addChild(uiCategorySetting);
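Review bot: `FIELD_DESCRIPTION` keeps only `StringLengthValidator` while `FIELD_DISPLAY_NAME` gains `NotHTMLTagValidator`, which is inconsistent with `UIApplicationForm` in the same commit, where both `displayName` and `description` get it; change the line to `.addValidator(StringLengthValidator.class, 0, 255).addValidator(NotHTMLTagValidator.class));`. Since category descriptions are presumably rendered in the registry templates, the omission leaves a field with the same exposure as the one just protected. The enclosing constructor starts outside the hunk.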
Modified:
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategorySelector.java
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategorySelector.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategorySelector.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,27 +1,25 @@
package org.exoplatform.applicationregistry.webui.component;
-import org.apache.shindig.gadgets.Gadget;
import org.exoplatform.application.registry.Application;
import org.exoplatform.application.registry.ApplicationCategory;
import org.exoplatform.application.registry.ApplicationRegistryService;
import org.exoplatform.applicationregistry.webui.Util;
-import org.exoplatform.commons.utils.SerializablePageList;
import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
+import org.exoplatform.commons.utils.SerializablePageList;
import org.exoplatform.webui.config.annotation.ComponentConfig;
import org.exoplatform.webui.config.annotation.EventConfig;
import org.exoplatform.webui.core.UIContainer;
import org.exoplatform.webui.core.lifecycle.UIFormLifecycle;
import org.exoplatform.webui.event.Event;
-import org.exoplatform.webui.event.EventListener;
import org.exoplatform.webui.event.Event.Phase;
+import org.exoplatform.webui.event.EventListener;
import org.exoplatform.webui.form.UIForm;
import org.exoplatform.webui.form.UIFormCheckBoxInput;
import org.exoplatform.webui.form.UIFormInputInfo;
import org.exoplatform.webui.form.UIFormInputSet;
import org.exoplatform.webui.form.UIFormPageIterator;
-import org.gatein.common.text.EntityEncoder;
-
import java.util.ArrayList;
import java.util.List;
@@ -80,7 +78,7 @@
UIFormCheckBoxInput<Boolean> checkBoxInput;
UIFormInputInfo uiInfo;
- EntityEncoder encoder = EntityEncoder.FULL;
+ HTMLEntityEncoder encoder = HTMLEntityEncoder.getInstance();
//
ApplicationRegistryService appRegService =
getApplicationComponent(ApplicationRegistryService.class);
Modified:
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIGadgetEditor.java
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIGadgetEditor.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UIGadgetEditor.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,15 +19,14 @@
package org.exoplatform.applicationregistry.webui.component;
-import org.apache.commons.lang.StringEscapeUtils;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.spec.GadgetSpec;
import org.exoplatform.application.gadget.Gadget;
import org.exoplatform.application.gadget.GadgetRegistryService;
import org.exoplatform.application.gadget.Source;
import org.exoplatform.application.gadget.SourceStorage;
-import org.exoplatform.portal.webui.application.GadgetUtil;
import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.portal.webui.application.GadgetUtil;
import org.exoplatform.web.application.ApplicationMessage;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.config.InitParams;
@@ -50,6 +49,7 @@
import org.exoplatform.webui.form.validator.ResourceValidator;
import org.exoplatform.webui.form.validator.StringLengthValidator;
import org.exoplatform.webui.form.validator.Validator;
+
import java.io.Serializable;
import java.util.Calendar;
@@ -120,8 +120,7 @@
{
UIFormTextAreaInput uiInputSource = getUIFormTextAreaInput(FIELD_SOURCE);
UIFormStringInput uiInputName = getUIStringInput(FIELD_NAME);
- String encoded =
StringEscapeUtils.escapeHtml(StringEscapeUtils.unescapeHtml(uiInputSource.getValue()));
- uiInputSource.setValue(encoded);
+ uiInputSource.setValue(uiInputSource.getValue());
if(this.isEdit()) {
uiInputName.setEditable(false);
}
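Review bot: The new line `uiInputSource.setValue(uiInputSource.getValue());` is a self-assignment that does nothing; it is what remained after the escapeHtml/unescapeHtml round-trip was dropped. Whether the gadget source is still HTML-encoded when the textarea is rendered now depends on UIFormTextAreaInput, which is not visible here; if that renderer does not encode, text this method previously escaped reaches the page unescaped. Either delete the line, or, once the renderer behaviour is confirmed, replace it with a comment such as `// source is set verbatim; HTML encoding is the responsibility of the textarea renderer`. The enclosing method starts outside the hunk.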
@@ -135,12 +134,6 @@
return (idx > 0) ? fullName.substring(0, idx) : fullName;
}
- private String appendTail(String name)
- {
- int idx = name.indexOf('.');
- return (idx > 0) ? name : name + ".xml";
- }
-
public void setDirPath(String dirPath)
{
this.dirPath = dirPath;
Modified:
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/navigation/webui/TreeNode.java
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/navigation/webui/TreeNode.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/navigation/webui/TreeNode.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,5 +1,6 @@
package org.exoplatform.navigation.webui;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.portal.mop.Described.State;
import org.exoplatform.portal.mop.Visibility;
import org.exoplatform.portal.mop.navigation.NodeChangeListener;
@@ -224,7 +225,7 @@
return node.getName();
}
- return label;
+ return HTMLEntityEncoder.getInstance().encode(label);
}
}
}
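Review bot: `return HTMLEntityEncoder.getInstance().encode(label);` encodes only the label branch, while `return node.getName();` two lines above still returns the raw name, so callers receive a value that is sometimes HTML-encoded and sometimes not. Encoding inside a model getter also means any template that runs the returned label through an encoder again will double-encode it; whether the navigation templates do so is not visible here. If the getter is to stay encoded, make the contract explicit with a Javadoc line such as `/** @return the node label, HTML entity encoded for direct output in markup; falls back to the raw node name when no label is set. */`, or encode both branches consistently. The enclosing method starts outside the hunk.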
Modified:
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserInfoPortlet.gtmpl
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserInfoPortlet.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserInfoPortlet.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,6 +1,7 @@
<%
import org.exoplatform.services.organization.User;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
def rcontext = _ctx.getRequestContext();
@@ -9,7 +10,7 @@
<ul class="UIUserInfoPortlet" id="$uicomponent.id">
<li class="Name">
<% if(rcontext.getRemoteUser() != null) {
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
fullName = encoder.encode(uicomponent.getUser().getFullName());
%>
<a href="$accountSetting"><%=fullName%></a>
Modified:
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarSitePortlet.gtmpl
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarSitePortlet.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarSitePortlet.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,7 +1,8 @@
<%
import org.exoplatform.web.application.JavascriptManager;
import org.exoplatform.portal.webui.util.Util ;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.portal.mop.user.UserNode;
import javax.portlet.MimeResponse;
import javax.portlet.ResourceURL;
@@ -41,7 +42,7 @@
else clazz = "";
href = nodeURL.toString();
- EntityEncoder entityEncoder = EntityEncoder.FULL;
+ EntityEncoder entityEncoder = HTMLEntityEncoder.getInstance();
label = uicomponent.getPortalLabel(portalName);
label = entityEncoder.encode(label);
print """
Modified:
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationInfo.gtmpl
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationInfo.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationInfo.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,12 +1,13 @@
<%
-import org.gatein.common.text.EntityEncoder;
+import org.gatein.common.text.EntityEncoder;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
def application = uicomponent.getApplication();
def category = uicomponent.getApplicationCategory();
String name = application.getApplicationName();
String srcBG = application.getIconURL();
String srcBGError =
"/eXoResources/skin/sharedImages/Icon80x80/DefaultPortlet.png";
-EntityEncoder encoder = EntityEncoder.FULL;
+EntityEncoder encoder = HTMLEntityEncoder.getInstance();
String categoryDisplayName = encoder.encode(category.getDisplayName());
String applicationDisplayName = encoder.encode(application.getDisplayName());
Modified:
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationOrganizer.gtmpl
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationOrganizer.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIApplicationOrganizer.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,5 +1,6 @@
-<%
+<%
import org.gatein.common.text.EntityEncoder;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
def categories = uicomponent.getCategories();
def selectedCategory = uicomponent.getSelectedCategory();
def apps = uicomponent.getApplications();
@@ -29,7 +30,7 @@
cName = category.getName();
displayName =category.getDisplayName();
if(displayName == null || displayName.length() < 1 ) displayName = cName;
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
displayName = encoder.encode(displayName);
if(selectedCategory != null && cName == selectedCategory.getName()) {
isSelected = true;
Modified:
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIGadgetInfo.gtmpl
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIGadgetInfo.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIGadgetInfo.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,8 +1,9 @@
<%
import org.exoplatform.applicationregistry.webui.component.UICategorySelector;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
def gadget = uicomponent.getGadget();
boolean selectorRender = uicomponent.getChild(UICategorySelector.class).isRendered();
String srcBGError =
"/eXoResources/skin/sharedImages/Icon80x80/DefaultPortlet.png";
Modified:
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIPortletInfo.gtmpl
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIPortletInfo.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/applicationregistry/webui/component/UIPortletInfo.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -2,11 +2,12 @@
import java.util.Iterator;
import java.util.Map.Entry;
import org.exoplatform.applicationregistry.webui.component.UICategorySelector;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
boolean selectorRender = uicomponent.getChild(UICategorySelector.class).isRendered();
String categoryNames = uicomponent.getCategorieNames();
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
def portlet = uicomponent.getPortlet();
def portletPreferences = portlet.getPortletPreferences();
String srcBG = "/" + portlet.getPortletGroup() +
"/skin/DefaultSkin/portletIcons/" + portlet.getName() + ".png";
Modified:
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UINavigationGrid.gtmpl
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UINavigationGrid.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UINavigationGrid.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,34 +1,52 @@
-<%
- import java.util.List;
- import org.exoplatform.webui.organization.OrganizationUtils;
- import org.exoplatform.portal.mop.SiteKey;
-
- def parent = uicomponent.getParent();
- def navigations = uicomponent.getBeans();
+<%
+ import org.exoplatform.portal.mop.SiteKey;
+ import org.exoplatform.webui.organization.OrganizationUtils;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
+
+ import java.util.List;
+
+ def parent = uicomponent.getParent();
+ def navigations = uicomponent.getBeans();
%>
<div id="$uicomponent.id" class="FeedBox">
- <%
- boolean isEvenRow = true;
- SiteKey siteKey;
- for(navigation in navigations) {
- siteKey = navigation.getKey();
- deleteLink =
parent.event("DeleteNavigation",String.valueOf(siteKey.getName()));
- editProperties =
parent.event("EditProperties",String.valueOf(siteKey.getName()));
- editLink =
parent.event("EditNavigation",String.valueOf(siteKey.getName()));%>
+ <%
+ boolean isEvenRow = true;
+ SiteKey siteKey;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
+ String descriptionLabel =
_ctx.appRes("UIGroupNavigationManagement.Label.Description");
+ String editNavigationLabel =
_ctx.appRes("UIGroupNavigationManagement.Label.EditNavigation");
+ String editPropertiesLabel =
_ctx.appRes("UIGroupNavigationManagement.Label.EditProperties");
+ String deleteNavigationLabel =
_ctx.appRes("UIGroupNavigationManagement.Label.DeleteNavigation");
+ for(navigation in navigations) {
+ siteKey = navigation.getKey();
+ String groupDescription =
OrganizationUtils.getGroupDescription(siteKey.getName());
+ if (groupDescription) {
+ groupDescription = encoder.encode(groupDescription);
+ }
+
+ String groupLabel = OrganizationUtils.getGroupLabel(siteKey.getName())
+ if (groupLabel) {
+ groupLabel = encoder.encode(groupLabel);
+ }
+
+ String deleteLink =
parent.event("DeleteNavigation",String.valueOf(siteKey.getName()));
+ String editProperties =
parent.event("EditProperties",String.valueOf(siteKey.getName()));
+ String editLink =
parent.event("EditNavigation",String.valueOf(siteKey.getName()));%>
<table class="ManagementBlock <%=isEvenRow ?
"EvenRow":"OddRow"%>" style="table-layout:
fixed">
- <tr>
- <td class="Image"><img
src="/exoadmin/skin/navigation/webui/component/background/GroupImage.png"
alt="" /></td>
- <td class="Content">
- <div class="Label" title="$siteKey.name"><%=
OrganizationUtils.getGroupLabel(siteKey.getName()) %></div>
-
<div><%=_ctx.appRes("UIGroupNavigationManagement.Label.Description")%>:
<%= OrganizationUtils.getGroupDescription(siteKey.getName()) %></div>
- </td>
- <td class="ActionBlock">
- <a href="<%=editLink%>"
class="EditNavIcon"><%=_ctx.appRes("UIGroupNavigationManagement.Label.EditNavigation")%></a>
- <a href="<%=editProperties%>"
class="EditProIcon"><%=_ctx.appRes("UIGroupNavigationManagement.Label.EditProperties")%></a>
- <a href="<%=deleteLink%>"
class="DeleteIcon"><%=_ctx.appRes("UIGroupNavigationManagement.Label.DeleteNavigation")%></a>
- </td>
- </tr>
+ <tr>
+ <td class="Image"><img
src="/exoadmin/skin/navigation/webui/component/background/GroupImage.png"
alt="" /></td>
+ <td class="Content">
+ <div class="Label"
title="$siteKey.name">$groupLabel</div>
+ <div>$descriptionLabel: $groupDescription</div>
+ </td>
+ <td class="ActionBlock">
+ <a href="<%=editLink%>"
class="EditNavIcon">$editNavigationLabel</a>
+ <a href="<%=editProperties%>"
class="EditProIcon">$editPropertiesLabel</a>
+ <a href="<%=deleteLink%>"
class="DeleteIcon">$deleteNavigationLabel</a>
+ </td>
+ </tr>
</table>
- <% isEvenRow = !isEvenRow;} %>
+ <% isEvenRow = !isEvenRow;} %>
</div>
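Review bot: `title="$siteKey.name"` on the Label div is still interpolated raw into an attribute, while groupLabel and groupDescription beside it are now passed through `encoder`; if a group name can contain a double quote the attribute is broken. Since `encoder` is already in scope in this block, use `title="${encoder.encode(String.valueOf(siteKey.getName()))}"`. Separately, `groupDescription` is only encoded when it is truthy, so a null description presumably renders as the literal text "null" in the GString (the previous `<%= %>` form had the same behaviour); `groupDescription = groupDescription ? encoder.encode(groupDescription) : "";` in place of the if block handles both cases.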
Modified:
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UISiteManagement.gtmpl
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UISiteManagement.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/navigation/webui/component/UISiteManagement.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,62 +1,68 @@
<%
+ import org.exoplatform.portal.config.UserPortalConfigService;
import org.exoplatform.webui.core.UIComponent ;
import org.exoplatform.webui.form.UIForm;
- import java.text.DateFormat;
- import java.text.SimpleDateFormat;
- import org.exoplatform.portal.config.UserPortalConfigService;
-
+
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
+
String[] actions = uicomponent.getActions();
uicomponent.loadPortalConfigs();
def rcontext = _ctx.getRequestContext();
def userPortalConfigService =
uicomponent.getApplicationComponent(UserPortalConfigService.class);
def defaultPortalName = userPortalConfigService.getDefaultPortal();
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
+
+ String editLayoutLabel = _ctx.appRes("UISiteManagement.label.editLayout");
+ String editNavigationLabel = _ctx.appRes("UISiteManagement.label.editNav");
+ String editPortalPropLabel =
_ctx.appRes("UISiteManagement.label.editPortalProp");
+ String deletePortalLabel =
_ctx.appRes("UISiteManagement.label.deletePortal");
%>
<div class="UISiteManagement UIManagement"
id="<%=uicomponent.getId();%>">
- <%
- for (portalConfig in uicomponent.getPortalConfigs()) {
- %>
- <table class="ManagementBlock" style="table-layout:
fixed">
- <tr>
- <td class="Image"><img
src="/exoadmin/skin/navigation/webui/component/background/PlImg.gif"
alt=""/></td>
- <td class="Content">
+ <%
+ for (portalConfig in uicomponent.getPortalConfigs()) {
+ %>
+ <table class="ManagementBlock" style="table-layout:
fixed">
+ <tr>
+ <td class="Image"><img
src="/exoadmin/skin/navigation/webui/component/background/PlImg.gif"
alt=""/></td>
+ <td class="Content">
<div
class="Label"><%=uicomponent.getFieldValue(portalConfig, 'name')
%></div>
<%
- def siteLabel = uicomponent.getFieldValue(portalConfig,
'label');
- def siteDescription = uicomponent.getFieldValue(portalConfig,
'description');
- if (siteLabel != null && siteLabel.trim().length()
> 0)
- {
+ String siteLabel = uicomponent.getFieldValue(portalConfig,
'label');
+ if (siteLabel != null && siteLabel.trim().length()
> 0) {
+ siteLabel = encoder.encode(siteLabel);
print
"""<div>$siteLabel</div>""";
}
- if (siteDescription != null &&
siteDescription.trim().length() > 0)
- {
+
+ String siteDescription =
uicomponent.getFieldValue(portalConfig, 'description');
+ if (siteDescription != null &&
siteDescription.trim().length() > 0) {
+ siteDescription = encoder.encode(siteDescription);
print
"""<div>$siteDescription</div>""";
}
%>
- </td>
- <td class="ActionBlock">
- <a href="<%=uicomponent.event("EditPortalLayout",
portalConfig.getName());%>"
class="EditLayoutIcon"><%=_ctx.appRes("UISiteManagement.label.editLayout")%></a>
- <a href="<%=uicomponent.event("EditNavigation",
portalConfig.getName());%>"
class="EditNavIcon"><%=_ctx.appRes("UISiteManagement.label.editNav")%></a>
- <a
href="javascript:ajaxGet(eXo.env.server.createPortalURL('UIPortal',
'EditPortalProperties', true,
[{name:'portalName',value:'<%=portalConfig.getName()%>'}]))"
class="EditNavIcon"><%=_ctx.appRes("UISiteManagement.label.editPortalProp")%></a>
-
- <% if(defaultPortalName != null &&
!defaultPortalName.equals(portalConfig.getName())) {%>
- <a href="<%=uicomponent.url("DeletePortal",
portalConfig.getName());%>"
class="DeleteIcon"><%=_ctx.appRes("UISiteManagement.label.deletePortal")%></a>
- <% } %>
- </td>
- </tr>
- </table>
- <%
- }
- %>
- <%
- if(uicomponent.getPortalConfigs() != null &&
uicomponent.getPortalConfigs().size() > 0){
- %>
- <div class="UIAction">
+ </td>
+ <td class="ActionBlock">
+ <a
href="<%=uicomponent.event("EditPortalLayout",
portalConfig.getName());%>"
class="EditLayoutIcon">$editLayoutLabel</a>
+ <a
href="<%=uicomponent.event("EditNavigation",
portalConfig.getName());%>"
class="EditNavIcon">$editNavigationLabel</a>
+ <a
href="javascript:ajaxGet(eXo.env.server.createPortalURL('UIPortal',
'EditPortalProperties', true,
[{name:'portalName',value:'<%=portalConfig.getName()%>'}]))"
class="EditNavIcon">$editPortalPropLabel</a>
+
+ <% if(defaultPortalName != null &&
!defaultPortalName.equals(portalConfig.getName())) {%>
+ <a
href="<%=uicomponent.url("DeletePortal",
portalConfig.getName());%>"
class="DeleteIcon">$deletePortalLabel</a>
+ <% } %>
+ </td>
+ </tr>
+ </table>
+ <%
+ }
+ %>
+ <%
+ if(uicomponent.getPortalConfigs() != null &&
uicomponent.getPortalConfigs().size() > 0){
+ %>
+ <div class="UIAction">
<a href="javascript:void(0);"
onclick="ajaxGet(eXo.env.server.createPortalURL('UIWorkingWorkspace',
'CreatePortal', true))" class="ActionButton
LightBlueStyle"><%=_ctx.appRes(uicomponent.getId() +
".action.addNewPortal")%></a>
</div>
<%
}
%>
<%uicomponent.renderChildren();%>
-</div>
-
-
+</div>
\ No newline at end of file
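Review bot: `<%=uicomponent.getFieldValue(portalConfig, 'name') %>` in the Label div is the one field in this block left unencoded while siteLabel and siteDescription are now run through `encoder`; unless portal names are constrained elsewhere to safe characters, encode it the same way: `<div class="Label"><%=encoder.encode(uicomponent.getFieldValue(portalConfig, 'name'))%></div>`. The same name is also inserted into a JavaScript string literal in the EditPortalProperties href (`value:'<%=portalConfig.getName()%>'`), where HTML entity encoding alone is not the right escaping for a quote or backslash; if portal names are validated to exclude such characters, a one-line comment stating that assumption next to the href would save the next reader from re-checking it.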
Modified:
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIBreadcumbsPortlet.gtmpl
===================================================================
---
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIBreadcumbsPortlet.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIBreadcumbsPortlet.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -3,7 +3,8 @@
import org.exoplatform.portal.mop.user.UserNode;
import org.exoplatform.portal.webui.util.Util;
import org.exoplatform.portal.application.PortalRequestContext;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.web.url.PortalURL;
import org.exoplatform.web.url.navigation.NavigationResource;
Modified:
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
===================================================================
---
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -2,7 +2,8 @@
import org.exoplatform.portal.mop.user.UserNode;
import org.exoplatform.web.application.JavascriptManager;
import org.exoplatform.portal.webui.util.Util;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
import javax.portlet.MimeResponse;
import org.exoplatform.portal.application.PortalRequestContext;
import org.exoplatform.web.url.PortalURL;
Modified: portal/trunk/web/eXoResources/src/main/webapp/WEB-INF/gatein-resources.xml
===================================================================
--- portal/trunk/web/eXoResources/src/main/webapp/WEB-INF/gatein-resources.xml 2011-10-03
10:08:26 UTC (rev 7597)
+++ portal/trunk/web/eXoResources/src/main/webapp/WEB-INF/gatein-resources.xml 2011-10-03
10:18:22 UTC (rev 7598)
@@ -132,6 +132,16 @@
<js-path>/javascript/eXo/core/DOMUtil.js</js-path>
<js-priority>1</js-priority>
</param>
+ <param>
+ <js-module>eXo.core.HTMLUtil</js-module>
+ <js-path>/javascript/eXo/core/HTMLUtil.js</js-path>
+ <js-priority>2</js-priority>
+ </param>
+ <param>
+ <js-module>eXo.core.html.HTMLEntities</js-module>
+ <js-path>/javascript/eXo/core/html/HTMLEntities.js</js-path>
+ <js-priority>1</js-priority>
+ </param>
<param>
<js-module>eXo.core.Browser</js-module>
<js-path>/javascript/eXo/core/Browser.js</js-path>
Modified: portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/core/HTMLUtil.js
===================================================================
---
portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/core/HTMLUtil.js 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/core/HTMLUtil.js 2011-10-03
10:18:22 UTC (rev 7598)
@@ -21,7 +21,7 @@
* @author Nguyen Ba Uoc
*/
// 4test
-if (eXo.require) eXo.require('eXo.core.html.HTMLEntities');
+//if (eXo.require) eXo.require('eXo.core.html.HTMLEntities');
function HTMLUtil() {
this.entities = eXo.core.html.HTMLEntities ;
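Review bot: Commenting out `eXo.require('eXo.core.html.HTMLEntities')` leaves dead code and makes the dependency read on the next line (`this.entities = eXo.core.html.HTMLEntities ;`) implicit: HTMLUtil now relies on HTMLEntities having been loaded earlier, presumably through the js-priority values added for the two modules in the gatein-resources.xml hunk of this commit. Delete the commented line and record the reason instead, e.g. `// eXo.core.html.HTMLEntities must be loaded before this file; ordering is declared in gatein-resources.xml`. The `// 4test` marker above it no longer explains anything once the require is gone and could go as well.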
Modified:
portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/portal/PortalHttpRequest.js
===================================================================
---
portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/portal/PortalHttpRequest.js 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/portal/PortalHttpRequest.js 2011-10-03
10:18:22 UTC (rev 7598)
@@ -61,6 +61,7 @@
* which is itself placed inside an array to provide an OO view of the
* AJAX response
*/
+
function PortletResponse(responseDiv) {
var DOMUtil = eXo.core.DOMUtil ;
var div = eXo.core.DOMUtil.getChildrenByTagName(responseDiv, "div") ;
@@ -125,7 +126,7 @@
this.blocksToUpdate[j] = obj ;
/*
- * handle embeded javascripts to dynamically add them to the page head
+ * handle embedded javascripts to dynamically add them to the page head
*
* This is needed when we refresh an entire portal page that contains some
* standard JSR 168 / 286 portlets with embeded <script> tag
@@ -406,6 +407,8 @@
instance.executeScript = function(script) {
if(script == null || script == "") return ;
try {
+ var HTMLUtil = eXo.core.HTMLUtil;
+ script = HTMLUtil.entitiesDecode(script);
eval(script) ;
return;
} catch(err) {
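Review bot: `script = HTMLUtil.entitiesDecode(script);` reverses any HTML entity encoding before `eval(script)`, so entity encoding of the AJAX response is not a safeguard on this path: whatever text reaches executeScript runs exactly as the server produced it. That should be stated where a reader will see it, e.g. `// embedded <script> bodies arrive entity-encoded in the response; decode before evaluating — content must come only from the portal's own response writer`, and the "only source" part is worth confirming rather than assuming. The lookup `var HTMLUtil = eXo.core.HTMLUtil;` also sits inside the try, so a missing module surfaces through the generic catch instead of as a dependency error; hoist it above `try {`. The catch body continues outside the hunk.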
@@ -421,7 +424,7 @@
}
}
} ;
-
+
instance.updateHtmlHead = function(response) {
if (!response) return;
cleanHtmlHead(response);
Modified: portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/webui/UIUpload.js
===================================================================
---
portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/webui/UIUpload.js 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/web/eXoResources/src/main/webapp/javascript/eXo/webui/UIUpload.js 2011-10-03
10:18:22 UTC (rev 7598)
@@ -43,7 +43,7 @@
//eXo.webui.UIUpload.listLimitMB.push();
this.createUploadEntry(uploadId, isAutoUpload);
} else if(response.upload[uploadId].percent == 100) {
- this.showUploaded(uploadId, decodeURIComponent(response.upload[uploadId].fileName));
+ this.showUploaded(uploadId, (response.upload[uploadId].fileName));
}
};
@@ -97,11 +97,10 @@
if(list.length < 1) return;
var url = eXo.env.server.context + "/upload?" ;
url += "action=progress" ;
-// var url = eXo.env.server.context + "/upload?action=progress";
+// var url = eXo.env.server.context + "/upload?action=progress";
for(var i = 0; i < list.length; i++){
url = url + "&uploadId=" + list[i];
}
-
var responseText = ajaxAsyncGetRequest(url, false);
if(list.length > 0) {
setTimeout("eXo.webui.UIUpload.refeshProgress('" + elementId +
"');", 1000);
@@ -111,16 +110,15 @@
try {
eval("response = "+responseText);
}catch(err) {
- return;
+ return;
}
-
+
+
for(id in response.upload) {
var container = parent.document.getElementById(elementId);
if (response.upload[id].status == "failed") {
this.abortUpload(id);
var message = eXo.core.DOMUtil.findFirstChildByClass(container, "div",
"LimitMessage").innerHTML ;
- alert(message.replace("{0}", response.upload[id].size)) ;
-// alert(response.upload[id].message);
continue;
}
var element = document.getElementById(id+"ProgressIframe");
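Review bot: With the `alert(message.replace("{0}", response.upload[id].size))` line removed, `var message = eXo.core.DOMUtil.findFirstChildByClass(container, "div", "LimitMessage").innerHTML ;` two lines above is computed and never used, and a failed upload now aborts with no feedback to the user. Either remove the `var message` statement too, or keep the failure visible, for instance by writing the message into the upload container rather than alerting. If the alert was dropped deliberately, a comment such as `// limit message intentionally not shown here: <reason>` would stop it being re-added.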
@@ -129,9 +127,11 @@
var blueProgressBar = eXo.core.DOMUtil.findFirstChildByClass(progressBarMiddle,
"div", "BlueProgressBar") ;
var progressBarLabel = eXo.core.DOMUtil.findFirstChildByClass(blueProgressBar,
"div", "ProgressBarLabel") ;
blueProgressBar.style.width = percent + "%" ;
+
progressBarLabel.innerHTML = percent + "%" ;
-
- if(percent == 100) this.showUploaded(id, "");
+ if(percent == 100) {
+ this.showUploaded(id, response.upload[id].fileName);
+ }
}
if(eXo.webui.UIUpload.listUpload.length < 1) return;
@@ -160,7 +160,7 @@
var selectFileFrame = eXo.core.DOMUtil.findFirstDescendantByClass(container,
"div", "SelectFileFrame") ;
selectFileFrame.style.display = "block" ;
var fileNameLabel = eXo.core.DOMUtil.findFirstDescendantByClass(selectFileFrame,
"div", "FileNameLabel") ;
- if(fileName != null) fileNameLabel.innerHTML += " " + fileName;
+ if(fileName != null) fileNameLabel.innerHTML = decodeURIComponent(fileName);
var progressBarFrame = eXo.core.DOMUtil.findFirstDescendantByClass(container,
"div", "ProgressBarFrame") ;
progressBarFrame.style.display = "none" ;
var tmp = element.parentNode;
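Review bot: `fileNameLabel.innerHTML = decodeURIComponent(fileName);` assigns a user-chosen file name, URL-decoded here, to innerHTML, so any markup in the name is parsed rather than displayed; unless the server entity-encodes the name before URL-encoding it (not visible in this hunk), set it as text instead: `fileNameLabel.innerHTML = ""; fileNameLabel.appendChild(document.createTextNode(decodeURIComponent(fileName)));`. `decodeURIComponent` also throws URIError on a malformed percent sequence, which would abort showUploaded at this line. The two call sites changed in the earlier hunks (`this.showUploaded(uploadId, (response.upload[uploadId].fileName))` and `this.showUploaded(id, response.upload[id].fileName)`) now pass the still-encoded name, so the encoding contract between the upload response and this function deserves a comment on the parameter, e.g. `// fileName: URL-encoded as sent by the upload service; decoded once here`.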
@@ -246,19 +246,7 @@
var file = DOMUtil.findDescendantById(form, "file");
if(file.value == null || file.value == '') return;
- var infoUploaded = eXo.core.DOMUtil.findFirstDescendantByClass(container,
"div", "FileNameLabel") ;
- var temp = file.value;
- if (temp.indexOf('/') != -1) {
- temp = temp.substr((temp.lastIndexOf('/') + 1), temp.length - 1) ;
- }
-
- if (temp.indexOf('\\') != -1) {
- temp = temp.substr((temp.lastIndexOf('\\') + 1), temp.length - 1) ;
- }
-
- infoUploaded.innerHTML = temp ;
-
var progressBarFrame = DOMUtil.findFirstDescendantByClass(container, "div",
"ProgressBarFrame") ;
progressBarFrame.style.display = "block" ;
var progressBarMiddle = DOMUtil.findFirstDescendantByClass(container, "div",
"ProgressBarMiddle") ;
Modified:
portal/trunk/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties
===================================================================
---
portal/trunk/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties 2011-10-03
10:18:22 UTC (rev 7598)
@@ -111,6 +111,12 @@
URLValidator.msg.invalid-url=The "{0}" field does not contain a valid URL.
#############################################################################
+ # Escape HTML character Validator #
+ #############################################################################
+
+NotHTMLTagValidator.msg.value-invalid=The "{0}" field is invalid, it should not
contain HTML tag.
+
+ #############################################################################
# Label for UIFormMultiValueInputSet #
#############################################################################
Modified:
portal/trunk/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_vi.properties
===================================================================
---
portal/trunk/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_vi.properties 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_vi.properties 2011-10-03
10:18:22 UTC (rev 7598)
@@ -85,6 +85,12 @@
URLValidator.msg.invalid-url=Giá trị trường "{0}" không hợp lệ!
#############################################################################
+ # Escape HTML character Validator #
+ #############################################################################
+
+NotHTMLTagValidator.msg.value-invalid=Giá trị trường "{0}" không hợp lệ, không
cho phép dấu < hoặc >.
+
+ #############################################################################
# Label for UIFormMultiValueInputSet #
#############################################################################
Modified:
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl
===================================================================
---
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,8 +1,10 @@
<%
import org.gatein.common.text.EntityEncoder;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
def categories = uicomponent.getCategories();
def selectedCategory = uicomponent.getSelectedCategory();
+EntityEncoder encoder = HTMLEntityEncoder.getInstance();
%>
<div class="UIOrganizerManagement" id="$uicomponent.id">
<div class="AppRegistryContainer">
@@ -15,15 +17,14 @@
<%
String cTab, cName, description, displayName;
boolean isSelected = false;
- for(category in categories) {
- cName = category.getName();
- EntityEncoder encoder = EntityEncoder.FULL;
+ for(category in categories) {
+ cName = category.getName();
displayName = encoder.encode(category.getDisplayName());
- if(displayName == null || displayName.length() < 1 ) displayName = cName;
- if(selectedCategory != null && cName == selectedCategory.getName()) {
+ if (displayName == null || displayName.length() < 1 ) displayName = cName;
+ if (selectedCategory != null && cName == selectedCategory.getName()) {
isSelected = true;
cTab = "SelectedTab";
- }else {
+ } else {
isSelected = false;
cTab = "NormalTab";
}
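Review bot: The fallback `if (displayName == null || displayName.length() < 1 ) displayName = cName;` runs after `displayName = encoder.encode(category.getDisplayName());`, so when the display name is empty the raw category name reaches the `<%= displayName %>` output in the following hunk unencoded, whereas UIApplicationOrganizer.gtmpl in this commit applies the fallback before encoding. Encode the fallback too: `if (displayName == null || displayName.length() < 1 ) displayName = encoder.encode(cName);`. It is also not visible what `encode(null)` returns, so the `displayName == null` check is either dead or the call throws when getDisplayName() is null — worth confirming against HTMLEntityEncoder.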
@@ -34,11 +35,12 @@
<%= displayName %>
</a>
</div>
- <% if(isSelected) { %>
+ <% if (isSelected) { %>
<div class="UIVTabContent" style="display: block">
<%
- for(application in uicomponent.getApplications()) {
- String applicationLabel = application.getDisplayName();
+ for (application in uicomponent.getApplications()) {
+ String applicationName = encoder.encode(application.getDisplayName());
+ String applicationDescription =
encoder.encode(application.getDescription());
String srcBG = application.getIconURL();
String srcBGError =
"/eXoResources/skin/sharedImages/Icon80x80/DefaultPortlet.png";
%>
@@ -46,9 +48,9 @@
<div class="VTabContentBG">
<div class="OverflowContainer">
<img src="<%=(srcBG!=null &&
srcBG.length()>0)?srcBG:srcBGError%>"
onError="src='$srcBGError'" alt=""/>
- <div class="ContentInfo" title="<%=
application.getDisplayName() %>" style="cursor:move;">
- <div class="LabelTab">$applicationLabel</div>
- <div class="LableText"><%= application.getDescription()
%></div>
+ <div class="ContentInfo" title="$applicationName"
style="cursor:move;">
+ <div class="LabelTab">$applicationName</div>
+ <div class="LableText">$applicationDescription</div>
</div>
<div class="ClearLeft"><span></span></div>
</div>
Modified:
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIPortlet.gtmpl
===================================================================
---
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIPortlet.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIPortlet.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,8 +1,10 @@
<%
- import org.exoplatform.portal.webui.page.UIPage;
+ import org.exoplatform.portal.webui.workspace.UIPortalApplication;
+ import org.exoplatform.web.application.JavascriptManager;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
+
import javax.portlet.WindowState;
- import org.exoplatform.web.application.JavascriptManager;
- import org.exoplatform.portal.webui.workspace.UIPortalApplication;
def rcontext = _ctx.getRequestContext();
@@ -20,6 +22,9 @@
WindowState windowState = uicomponent.getCurrentWindowState();
String portletId = uicomponent.getId();
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
+
+ String title = encoder.encode(uicomponent.getDisplayTitle());
if(uiPortalApp.isEditing()) {
%>
<div class="UIPortlet
<%=hasPermission?"":"ProtectedPortlet"%>"
id="UIPortlet-$portletId"
onmouseover="eXo.portal.UIPortal.blockOnMouseOver(event, this, true);"
onmouseout="eXo.portal.UIPortal.blockOnMouseOver(event, this, false);"
@@ -35,7 +40,7 @@
<div class="CPortletLayoutDecorator">
<%
if(hasPermission) {
- print uicomponent.getDisplayTitle();
+ print title;
} else print "<div
class='ProtectedContent'>"+_ctx.appRes("UIPortlet.label.protectedContent")+"</div>";
%>
</div>
@@ -52,7 +57,6 @@
if(portalMode != uiPortalApp.CONTAINER_BLOCK_EDIT_MODE && portalMode !=
uiPortalApp.APP_BLOCK_EDIT_MODE) {
if(uicomponent.getShowInfoBar()) {
- String title = uicomponent.getDisplayTitle();
if(title == null || title.trim().length() < 1)
title = portletId;
/*Begin Window Portlet Bar*/
@@ -225,7 +229,6 @@
String portletIcon = uicomponent.getIcon();
if(portletIcon == null) portletIcon = "PortletIcon";
- String title = uicomponent.getDisplayTitle();
if(title.length() > 30) title = title.substring(0,27) + "...";
%>
<div class="PortletIcon $portletIcon"><%=hasPermission ? title
: _ctx.appRes("UIPortlet.label.protectedContent")%></div>
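Review bot: `title` is already the HTML-encoded string when `title.substring(0,27) + "..."` runs, so the truncation can cut through an entity (an `&amp;` straddling the boundary ends up as `&am...`) and the 30-character limit is now measured on encoded length rather than on what the user sees. Truncate first and encode afterwards, as UIWizardPageSetInfo.gtmpl does in this same commit (`nodeName = nodeName.substring(0,39) + "..."; nodeName = HTMLEntityEncoder.getInstance().encode(nodeName);`). The same ordering problem appears in UIDashboardSelectContainer.gtmpl, where `gadgetName.substring(0, 20)+"..."` is applied to the already-encoded name. The surrounding scriptlet starts and ends outside this hunk.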
Modified:
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/page/UIWizardPageSetInfo.gtmpl
===================================================================
---
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/page/UIWizardPageSetInfo.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/page/UIWizardPageSetInfo.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,6 +1,8 @@
<%
import org.exoplatform.portal.webui.navigation.UIPageNodeSelector;
import org.exoplatform.webui.core.UIComponent;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
String nodeName = "/";
boolean isNoSelecter = !uicomponent.getChild(UIPageNodeSelector.class).isRendered();
@@ -10,7 +12,7 @@
<div class="<%=isNoSelecter ? "NoPageSelecter" :
""%>">
<%if(!isNoSelecter) {
def pageNode = uicomponent.getSelectedPageNode();
- if( pageNode!=null && pageNode.getResolvedLabel() != null ) nodeName +=
pageNode.getResolvedLabel();
+ if( pageNode != null && pageNode.getResolvedLabel() != null ) nodeName +=
pageNode.getResolvedLabel();
%>
<div class="PageNodeContainer">
<% uicomponent.renderChild(UIPageNodeSelector.class); %>
@@ -22,11 +24,12 @@
<div class="OverflowContainer">
<div class="Icon"><span></span></div>
<div class="Label"><%=_ctx.appRes(uicomponent.getId() +
".label.curentSelectedNodeInfo")%>:</div>
- <% if(nodeName.length() > 40) { %>
- <div class="Info"><%= nodeName.substring(0,39)
%>...</div>
- <% } else { %>
- <div class="Info"><%= nodeName%></div>
- <% } %>
+ <% if(nodeName.length() > 40) {
+ nodeName = nodeName.substring(0,39) + "...";
+ }
+ nodeName = HTMLEntityEncoder.getInstance().encode(nodeName);
+ %>
+ <div class="Info">$nodeName</div>
</div>
</div>
Modified: portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIBreadcumbs.gtmpl
===================================================================
---
portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIBreadcumbs.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIBreadcumbs.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -2,7 +2,8 @@
import java.util.List;
import org.exoplatform.portal.webui.util.Util;
import org.exoplatform.portal.application.PortalRequestContext;
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
List list = uicomponent.getPath();
def styleBread = uicomponent.getBreadcumbsStyle();
@@ -27,7 +28,7 @@
actionLink = uicomponent.event("SelectPath", localPath.getId());
else
actionLink = portalURI + localPath.getId();
- EntityEncoder entityEncoder = EntityEncoder.FULL;
+ EntityEncoder entityEncoder = HTMLEntityEncoder.getInstance();
String label = entityEncoder.encode(localPath.label)
if(i == list.size()-1) note = "Selected";
%>
Modified: portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl
===================================================================
--- portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++ portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -4,6 +4,7 @@
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
String[] beanFields = uicomponent.getBeanFields();
String[] beanActions = uicomponent.getBeanActions();
@@ -65,7 +66,7 @@
%>
<tr class="$rowClass">
<%
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
for (field in beanFields)
{
def fieldValue = uicomponent.getFieldValue(bean, field);
Modified: portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl
===================================================================
---
portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -8,7 +8,8 @@
*/
%>
<%
- import org.gatein.common.text.EntityEncoder;
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
String popupId = uicomponent.getId();
def rcontext = _ctx.getRequestContext();
@@ -66,7 +67,7 @@
}
}
}
- EntityEncoder encoder = EntityEncoder.FULL;
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
msgValue = encoder.encode(msgValue);
println msgValue;
Modified: portal/trunk/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -20,6 +20,7 @@
package org.exoplatform.webui.core;
import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.util.ReflectionUtil;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.config.annotation.ComponentConfig;
@@ -117,6 +118,11 @@
* A right click popup menu
*/
private UIRightClickPopupMenu uiPopupMenu_;
+
+ /**
+ * Encode the value before rendering or not
+ */
+ private boolean escapeHTML_ = false;
public Object getFieldValue(Object bean, String field) throws Exception
{
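Review bot: `escapeHTML_` defaults to `false`, so every `UITree` that this commit does not explicitly switch on keeps rendering `fieldValue` unescaped; only the three group selectors call `tree.setEscapeHTML(true)`. Defaulting to `true` would make the safe behaviour the one nobody has to remember, with `setEscapeHTML(false)` reserved for trees whose labels are known to be trusted markup. Two smaller points on the following hunks: the boolean accessor is named `getEscapeHTML()` where the bean convention is `isEscapeHTML()`, and the field comment would be clearer as `/** When true, the node label is HTML-entity-encoded before being written into the tree markup. */`. The enclosing class continues outside this hunk.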
@@ -260,6 +266,16 @@
uiPopupMenu_.setParent(this);
}
+ public void setEscapeHTML(boolean escape)
+ {
+ escapeHTML_ = escape;
+ }
+
+ public boolean getEscapeHTML()
+ {
+ return escapeHTML_;
+ }
+
public String event(String name, String beanId) throws Exception
{
UIForm uiForm = getAncestorOfType(UIForm.class);
@@ -305,6 +321,12 @@
{
fieldValue = fieldValue.substring(0, getMaxTitleCharacter() - 3) +
"...";
}
+
+ if (escapeHTML_)
+ {
+ fieldValue = fieldValue != null ?
HTMLEntityEncoder.getInstance().encode(fieldValue) : fieldValue;
+ }
+
if (nodeIcon.equals(expandIcon))
{
builder.append(" <div
class=\"").append(nodeIcon).append("\"
onclick=\"").append(actionLink).append("\">");
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormDateTimeInput.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormDateTimeInput.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormDateTimeInput.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,6 +19,7 @@
package org.exoplatform.webui.form;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.web.application.JavascriptManager;
import org.exoplatform.webui.application.WebuiRequestContext;
@@ -58,11 +59,6 @@
private String datePattern_;
/**
- * The date
- */
- private Date date;
-
- /**
* List of month's name
*/
private String[] months_;
@@ -70,7 +66,7 @@
public UIFormDateTimeInput(String name, String bindField, Date date, boolean
isDisplayTime)
{
super(name, bindField, String.class);
- this.date = date;
+ setDate(date);
setDisplayTime(isDisplayTime);
WebuiRequestContext requestContext = WebuiRequestContext.getCurrentInstance();
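Review bot: The constructor now calls `setDate(date)` before the request context is obtained on the following line, and `setDate` formats through `dateFormat_` (`value_ = dateFormat_.format(date)`); in `setCalendar` that field is prepared by `formatPattern(requestContext.getLocale())` first. If `dateFormat_` is initialised only by `formatPattern`, a non-null `date` passed to the constructor hits a NullPointerException here, whereas the old code merely stored the date and formatted it at render time. Moving `setDate(date)` after the constructor's `formatPattern(...)` call (the rest of the constructor lies outside the hunk) keeps the ordering consistent with `setCalendar`.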
@@ -93,21 +89,28 @@
isDisplayTime_ = isDisplayTime;
}
- public void setCalendar(Calendar date)
+ public void setCalendar(Calendar calendar)
{
WebuiRequestContext requestContext = WebuiRequestContext.getCurrentInstance();
formatPattern(requestContext.getLocale());
+ Date date = null;
+ if (calendar != null)
+ {
+ date = calendar.getTime();
+ }
+ setDate(date);
+ }
+
+ private void setDate(Date date)
+ {
if (date != null)
{
- this.date = date.getTime();
- value_ = dateFormat_.format(date.getTime());
+ value_ = dateFormat_.format(date);
}
else
{
- this.date = null;
value_ = null;
}
-
}
public Calendar getCalendar()
@@ -184,8 +187,9 @@
@SuppressWarnings("unused")
public void decode(Object input, WebuiRequestContext context) throws Exception
{
- if (input != null)
+ if (input != null) {
value_ = ((String)input).trim();
+ }
}
public void processRender(WebuiRequestContext context) throws Exception
@@ -203,27 +207,30 @@
}
}
- if (date != null)
+ String value = getValue();
+
+ if (value != null && value.length() > 0)
{
- value_ = dateFormat_.format(date);
+ value = HTMLEntityEncoder.getInstance().encodeHTMLAttribute(value);
}
- else if (value_ == null)
+ else
{
- value_ = "";
+ value = "";
}
+
JavascriptManager jsManager = context.getJavascriptManager();
jsManager.importJavascript("eXo.webui.UICalendar");
jsManager.addJavascript("eXo.webui.UICalendar.setFirstDayOfWeek(" +
Calendar.getInstance(context.getLocale()).getFirstDayOfWeek() + ");");
Writer w = context.getWriter();
- w.write("<input type='text'
onfocus='eXo.webui.UICalendar.init(this,");
+ w.write("<input type=\"text\"
onfocus='eXo.webui.UICalendar.init(this,");
w.write(String.valueOf(isDisplayTime_));
w.write(",\"");
w.write(getDatePattern_());
w.write("\"");
w.write(",\"");
- w.write(value_.toString());
+ w.write(value);
w.write("\"");
w.write(",\"");
w.write(monthNames_);
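Review bot: `value` is HTML-attribute-encoded once and then emitted in two different contexts: as the `value="..."` attribute in the next hunk, where that encoding is the right one, and as a double-quoted argument inside the `onfocus='eXo.webui.UICalendar.init(this, ..., "..."` handler. Inside an event-handler attribute the browser decodes entities before the script is parsed, so attribute encoding alone does not keep the argument a well-formed JavaScript string literal, and a backslash is not touched at all. The simplest fix is to stop passing the value through the handler and let `UICalendar.init` read it from `this.value`, which the `value="..."` attribute already carries; otherwise a JavaScript-string escape is needed on top of the attribute encoding. `processRender` starts above this hunk.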
@@ -231,12 +238,9 @@
w.write(");' onkeyup='eXo.webui.UICalendar.show();'
name='");
w.write(getName());
w.write('\'');
- if (value_ != null && value_.length() > 0)
- {
- w.write(" value='");
- w.write(value_.toString());
- w.write('\'');
- }
+ w.write(" value=\"");
+ w.write(value);
+ w.write('\"');
w.write(" onclick='event.cancelBubble = true'
onkeydown='eXo.webui.UICalendar.onTabOut(event)'/>");
}
}
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormHiddenInput.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormHiddenInput.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormHiddenInput.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,6 +19,7 @@
package org.exoplatform.webui.form;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
import java.io.Writer;
@@ -62,10 +63,12 @@
print.write(" id='");
print.write(getId());
print.write("'");
- if (value_ != null && value_.length() > 0)
+ String value = getValue();
+ if (value != null && value.length() > 0)
{
print.write(" value='");
- print.write(value_);
+ value = HTMLEntityEncoder.getInstance().encodeHTMLAttribute(value);
+ print.write(value);
print.write("'");
}
print.write(" />");
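Review bot: The attribute written here is single-quoted (`print.write(" value='");`), so the protection depends on `encodeHTMLAttribute` encoding the apostrophe and not only `"`, `<`, `>` and `&`; the hand-rolled `encodeValue` that UIFormStringInput.java drops in this same commit encoded `'` as `&#39;` explicitly, and UIFormStringInput keeps its single-quoted `value='` attribute too. If apostrophe handling is not already covered by TestHTMLEntityEncoder, add a case there, or switch these two attributes to double quotes as UIFormDateTimeInput does in this commit. `processRender` starts above this hunk.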
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputBase.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputBase.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputBase.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,8 +19,8 @@
package org.exoplatform.webui.form;
-import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.core.UIComponent;
import org.exoplatform.webui.core.UIContainer;
import org.exoplatform.webui.event.Event;
@@ -90,7 +90,7 @@
* Whether this field is in read only mode
*/
protected boolean readonly_ = false;
-
+
public UIFormInputBase(String name, String bindingField, Class<T> typeValue)
{
this.name = name;
@@ -237,5 +237,4 @@
{
this.label = label;
}
-
}
\ No newline at end of file
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputInfo.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputInfo.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormInputInfo.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,8 +19,9 @@
package org.exoplatform.webui.form;
+import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
-import org.exoplatform.commons.serialization.api.annotations.Serialized;
import java.io.Writer;
@@ -52,8 +53,12 @@
{
Writer w = context.getWriter();
w.append("<span id=\"").append(getId()).append("\"
class=\"").append(getId()).append("\">");
- if (value_ != null)
- w.write(value_);
+ String value = getValue();
+ if (value != null)
+ {
+ value = HTMLEntityEncoder.getInstance().encode(value);
+ w.write(value);
+ }
w.write("</span>");
}
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormSelectBox.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormSelectBox.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormSelectBox.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,8 +19,9 @@
package org.exoplatform.webui.form;
+import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
-import org.exoplatform.commons.serialization.api.annotations.Serialized;
import org.exoplatform.webui.core.UIComponent;
import org.exoplatform.webui.core.model.SelectItemOption;
@@ -254,10 +255,12 @@
{
}
+ String value = item.getValue();
+ value = HTMLEntityEncoder.getInstance().encodeHTMLAttribute(value);
if (item.isSelected())
{
w.write("<option selected=\"selected\"
value=\"");
- w.write(item.getValue());
+ w.write(value);
w.write("\">");
}
else
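Review bot: `item.getValue()` is handed straight to `encodeHTMLAttribute` with no null check, unlike the other inputs touched in this commit, which guard with `if (value != null)` before encoding; unless `encodeHTMLAttribute` is documented to accept null, a `SelectItemOption` without a value now fails inside the encoder rather than at the `write`. The `else` branch that presumably writes the unselected `<option value="...">` lies outside the hunk and should emit the encoded `value` as well, otherwise only selected options are protected. The enclosing loop starts above this hunk.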
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormStringInput.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,8 +19,9 @@
package org.exoplatform.webui.form;
-import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
+import org.exoplatform.webui.application.WebuiRequestContext;
import java.io.Writer;
@@ -88,7 +89,6 @@
return maxLength;
}
- @SuppressWarnings("unused")
public void decode(Object input, WebuiRequestContext context) throws Exception
{
String val = (String)input;
@@ -101,6 +101,7 @@
public void processRender(WebuiRequestContext context) throws Exception
{
+ String value = getValue();
Writer w = context.getWriter();
w.write("<input name='");
w.write(getName());
@@ -112,10 +113,11 @@
w.write(" id='");
w.write(getId());
w.write('\'');
- if (value_ != null && value_.length() > 0)
+ if (value != null && value.length() > 0)
{
+ value = HTMLEntityEncoder.getInstance().encodeHTMLAttribute(value);
w.write(" value='");
- w.write(encodeValue(value_).toString());
+ w.write(value);
w.write('\'');
}
if (maxLength > 0)
@@ -128,34 +130,4 @@
if (this.isMandatory())
w.write(" *");
}
-
- private StringBuilder encodeValue(String value)
- {
- char[] chars = {'\'', '"'};
- String[] refs = {"'", """};
- StringBuilder builder = new StringBuilder(value);
- int idx;
- for (int i = 0; i < chars.length; i++)
- {
- idx = indexOf(builder, chars[i], 0);
- while (idx > -1)
- {
- builder = builder.replace(idx, idx + 1, refs[i]);
- idx = indexOf(builder, chars[i], idx);
- }
- }
- return builder;
- }
-
- private int indexOf(StringBuilder builder, char c, int from)
- {
- int i = from;
- while (i < builder.length())
- {
- if (builder.charAt(i) == c)
- return i;
- i++;
- }
- return -1;
- }
}
\ No newline at end of file
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,8 +19,9 @@
package org.exoplatform.webui.form;
+import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
-import org.exoplatform.commons.serialization.api.annotations.Serialized;
import java.io.Writer;
@@ -50,7 +51,6 @@
this.value_ = value ;
}
- @SuppressWarnings("unused")
public void decode(Object input, WebuiRequestContext context) throws Exception {
String val = (String) input ;
value_ = val ;
@@ -72,9 +72,10 @@
w.append("
cols=\"").append(String.valueOf(columns)).append("\"");
w.write(">");
if (value != null)
- //TODO: remove from other components and than encode here
- //w.write(org.gatein.common.text.EntityEncoder.FULL.encode(value));
+ {
+ value = HTMLEntityEncoder.getInstance().encode(value);
w.write(value);
+ }
w.write("</textarea>");
if (this.isMandatory())
w.write(" *");
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormWYSIWYGInput.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormWYSIWYGInput.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormWYSIWYGInput.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -28,11 +28,10 @@
* Author : Tran The Trong
* trongtt(a)gmail.com
* November 07, 2007
+
+ * @deprecated should use {@link org.exoplatform.webui.form.wysiwyg.UIFormWYSIWYGInput}
instead
*/
@Deprecated
-/**
- * Should use org.exoplatform.webui.form.wysiwyg.UIFormWYSIWYGInput
- * */
public class UIFormWYSIWYGInput extends UIFormInputBase<String>
{
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormColorPicker.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormColorPicker.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormColorPicker.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,6 +19,7 @@
package org.exoplatform.webui.form.ext;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.form.UIForm;
import org.exoplatform.webui.form.UIFormInput;
@@ -196,12 +197,17 @@
public void processRender(WebuiRequestContext context) throws Exception
{
+ String value = getValue();
+ if (value != null)
+ {
+ value = HTMLEntityEncoder.getInstance().encode(value);
+ }
Writer w = context.getWriter();
w.write("<div class='UIFormColorPicker'>");
w.write("<div class=\"UIColorPickerInput\"
onclick=\"eXo.webui.UIColorPicker.show(this)\">");
- w.write("<span class=\" DisplayValue " +
encodeValue(value_).toString() + "\"></span>");
+ w.write("<span class=\" DisplayValue " + value +
"\"></span>");
w.write("</div>");
- w.write("<div class=\"CalendarTableColor\"
selectedColor=\"" + encodeValue(value_).toString() + " \">");
+ w.write("<div class=\"CalendarTableColor\"
selectedColor=\"" + value + " \">");
int i = 0;
int count = 0;
while (i <= size() / items())
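Review bot: This class encodes with `HTMLEntityEncoder.getInstance().encode(value)` while every other form input in the commit uses `encodeHTMLAttribute(value)` for the same kind of placement, yet all three uses here are attribute values: `class="..."`, `selectedColor="..."` and, in the next hunk, the single-quoted `value='...'`. Using `encodeHTMLAttribute` here keeps the escaping matched to the attribute context, in particular for the apostrophe inside the single-quoted `value` attribute, which the removed `encodeValue` helper handled explicitly. `processRender` continues past this hunk.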
@@ -227,9 +233,9 @@
w.write("</div>");
w.write("<input class='UIColorPickerValue' name='" +
getId() + "' type='hidden'" + " id='" + getId() +
"' "
+ renderJsActions());
- if (value_ != null && value_.trim().length() > 0)
+ if (value != null && value.trim().length() > 0)
{
- w.write(" value='" + value_ + "'");
+ w.write(" value='" + value + "'");
}
w.write(" />");
w.write("</div>");
@@ -243,36 +249,6 @@
return super.setValue(arg0);
}
- private StringBuilder encodeValue(String value)
- {
- char[] chars = {'\'', '"'};
- String[] refs = {"'", """};
- StringBuilder builder = new StringBuilder(value);
- int idx;
- for (int i = 0; i < chars.length; i++)
- {
- idx = indexOf(builder, chars[i], 0);
- while (idx > -1)
- {
- builder = builder.replace(idx, idx + 1, refs[i]);
- idx = indexOf(builder, chars[i], idx);
- }
- }
- return builder;
- }
-
- private int indexOf(StringBuilder builder, char c, int from)
- {
- int i = from;
- while (i < builder.length())
- {
- if (builder.charAt(i) == c)
- return i;
- i++;
- }
- return -1;
- }
-
static public class Colors
{
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormComboBox.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormComboBox.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormComboBox.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,6 +19,7 @@
package org.exoplatform.webui.form.ext;
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.core.model.SelectItemOption;
import org.exoplatform.webui.form.UIForm;
@@ -193,6 +194,12 @@
}
text += "</div></div></div>";
options = options.substring(0, options.length() - 1) + "]";
+
+ String value = getValue();
+ if (value != null)
+ {
+ value = HTMLEntityEncoder.getInstance().encode(value);
+ }
text += "<input type='hidden' name='" + getName() +
"' id='" + getId() + "'";
if (value_ != null && value_.trim().length() > 0)
{
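Review bot: The new `value` local is encoded, but the guard right after it still tests `value_` (`if (value_ != null && value_.trim().length() > 0)`), and the write inside that block lies outside the hunk; if it still emits `value_`, the encoded copy is dead and the hidden input stays unencoded. Change the guard to `if (value != null && value.trim().length() > 0)` and write `value` in the body, as UIFormColorPicker does in this commit. Since the hidden input's attributes are single-quoted (`name='...' id='...'`), `encodeHTMLAttribute` is the closer match than `encode`. The enclosing method starts above the hunk.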
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormInputSetWithAction.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormInputSetWithAction.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/ext/UIFormInputSetWithAction.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -19,7 +19,6 @@
package org.exoplatform.webui.form.ext;
-import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.config.annotation.ComponentConfig;
import org.exoplatform.webui.form.UIForm;
import org.exoplatform.webui.form.UIFormInput;
@@ -89,14 +88,6 @@
isShowActionInfo = isShow;
}
- /* (non-Javadoc)
- * @see
org.exoplatform.webui.form.UIFormInputSet#processRender(org.exoplatform.webui.application.WebuiRequestContext)
- */
- public void processRender(WebuiRequestContext context) throws Exception
- {
- super.processRender(context);
- }
-
/**
* Sets the actions.
*
Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/validator/ExpressionValidator.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/validator/ExpressionValidator.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/validator/ExpressionValidator.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -64,13 +64,11 @@
{
return;
}
- if (uiInput.getValue() != null)
+
+ String value = ((String)uiInput.getValue()).trim();
+ if (value.matches(expression_))
{
- String value = ((String)uiInput.getValue()).trim();
- if (value.matches(expression_))
- {
- return;
- }
+ return;
}
// modified by Pham Dinh Tan
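Review bot: Dropping the `if (uiInput.getValue() != null)` guard means `((String)uiInput.getValue()).trim()` now throws a NullPointerException for an input with no value, unless the early `return` at the top of the hunk (whose condition is outside it) already covers null; the old code let a null value fall through to the error path below. Restoring the guard keeps that behaviour in one line: `Object raw = uiInput.getValue(); if (raw != null && ((String)raw).trim().matches(expression_)) { return; }`. The method starts and ends outside this hunk.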
Copied:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/validator/NotHTMLTagValidator.java
(from rev 7595,
portal/branches/xss/webui/core/src/main/java/org/exoplatform/webui/form/validator/NotHTMLTagValidator.java)
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/validator/NotHTMLTagValidator.java
(rev 0)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/validator/NotHTMLTagValidator.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -0,0 +1,38 @@
+/**
+ * Copyright (C) 2011 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.exoplatform.webui.form.validator;
+
+/**
+ * @author <a href="trongtt(a)gmail.com">Trong Tran</a>
+ * @version $Revision$
+ */
+public class NotHTMLTagValidator extends ExpressionValidator
+{
+ private static final String REGEX = "[^\\<\\>]*";
+
+ public NotHTMLTagValidator()
+ {
+ super(REGEX, "NotHTMLTagValidator.msg.value-invalid");
+ }
+
+ public NotHTMLTagValidator(final String key)
+ {
+ super(REGEX, key);
+ }
+}
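Review bot: The class has no Javadoc saying what it accepts, and its name invites reading it as a general markup guard; the regex `[^\\<\\>]*` only rejects values containing `<` or `>`, so `&`, quotes and event-handler contexts are untouched and the output encoding added elsewhere in this commit remains necessary. Suggested class comment: `/** Rejects a value that contains '<' or '>'. A coarse input filter for fields that should never hold markup; it does not replace output encoding. */`. Because `ExpressionValidator` evaluates the pattern with `String.matches`, the match is anchored to the whole value, which is the intended behaviour and worth stating in that comment.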
Modified:
portal/trunk/webui/dashboard/src/main/resources/groovy/dashboard/webui/component/UIDashboardSelectContainer.gtmpl
===================================================================
---
portal/trunk/webui/dashboard/src/main/resources/groovy/dashboard/webui/component/UIDashboardSelectContainer.gtmpl 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/dashboard/src/main/resources/groovy/dashboard/webui/component/UIDashboardSelectContainer.gtmpl 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,11 +1,15 @@
<%
+ import org.gatein.common.text.EntityEncoder;
+ import org.exoplatform.commons.utils.HTMLEntityEncoder;
+
def uiDashboard =
uicomponent.getAncestorOfType(org.exoplatform.dashboard.webui.component.UIDashboard.class);
if(!uiDashboard.canEdit()) return;
def uiPopup =
uicomponent.getAncestorOfType(org.exoplatform.webui.core.UIPopupWindow.class);
def rcontext = _ctx.getRequestContext();
rcontext.getJavascriptManager().addJavascript("eXo.webui.UIDashboard.initPopup('"+uiPopup.getId()+"');");
-
+
+ EntityEncoder encoder = HTMLEntityEncoder.getInstance();
%>
<div class="$uicomponent.id" id="UIDashboardSelectContainer"
style="display: <%= uiDashboard.isShowSelectPopup()? "block" :
"none"; %>;">
<div class="DashboardItemContainer ItemContainer">
@@ -21,13 +25,15 @@
<% List categories = uicomponent.getCategories();
if(categories != null && categories.size() > 0){
for(category in categories){
+ String categoryName = category.getDisplayName();
+ categoryName = categoryName == null ? "" :
encoder.encode(categoryName);
%>
<div class="GadgetCategory" id="${category.getName()}">
<div class="GadgetTab SelectedTab"
onclick="eXo.webui.UIDashboard.onTabClick(this, 'NormalTab',
'SelectedTab')">
<div class="LeftCategoryTitleBar">
<div class="RightCategoryTitleBar">
<div class="MiddleCategoryTitleBar">
- <div class="ArrowIcon"
title="${category.getDisplayName()}">${category.getDisplayName()}</div>
+ <div class="ArrowIcon"
title="$categoryName">$categoryName</div>
</div>
</div>
</div>
@@ -40,12 +46,13 @@
// uiPopup.setWindowSize(-1, 600);
for(gadget in lstGadgets){
+ String gadgetName = gadget.getDisplayName();
+ gadgetName = gadgetName == null ? "" :
encoder.encode(gadgetName);
%>
<div class="UIGadget SelectItem Item"
id="${gadget.getId()}" style="top:0px; left:0px;">
<div class="GadgetControl">
- <% def label = gadget.getDisplayName() %>
- <div class="GadgetTitle" style="cursor:move;"
title="$label">
- <%= (label.length() <= 23) ? label : label.substring(0,
20)+"..." %>
+ <div class="GadgetTitle" style="cursor:move;"
title="$gadgetName">
+ <%= (gadgetName.length() <= 23) ? gadgetName :
gadgetName.substring(0, 20)+"..." %>
</div>
</div>
</div>
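Review bot: The `id="${gadget.getId()}"` attribute on the new-side `<div class="UIGadget SelectItem Item">` line is still interpolated raw while the display name beside it is now encoded; the same holds for `id="${category.getName()}"` in the previous hunk. If those identifiers can come from user-editable registry data they need `encoder.encode(...)` as well; if they are internal keys, a one-line scriptlet comment (`<% // ids are internal identifiers, not user input %>`) would keep the next reviewer from re-raising it. The enclosing `for` loop ends outside this hunk.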
Modified:
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java
===================================================================
---
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -1,10 +1,10 @@
package org.exoplatform.webui.organization;
-import java.io.Serializable;
-
+import org.exoplatform.commons.utils.HTMLEntityEncoder;
import org.exoplatform.services.organization.Group;
-import org.gatein.common.text.EntityEncoder;
+import java.io.Serializable;
+
public class UIGroup implements Serializable {
private Group group;
@@ -16,8 +16,7 @@
public String getEncodedLabel()
{
- EntityEncoder encoder = EntityEncoder.FULL;
- return encoder.encode(getLabel());
+ return HTMLEntityEncoder.getInstance().encode(getLabel());
}
public String getLabel()
Modified:
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroupMembershipSelector.java
===================================================================
---
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroupMembershipSelector.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroupMembershipSelector.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -68,6 +68,7 @@
tree.setSelectedIcon("PortalIcon");
tree.setBeanIdField("id");
tree.setBeanLabelField("label");
+ tree.setEscapeHTML(true);
uiBreadcumbs.setBreadcumbsStyle("UIExplorerHistoryPath");
}
Modified:
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroupSelector.java
===================================================================
---
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroupSelector.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroupSelector.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -71,6 +71,7 @@
tree.setBeanIdField("id");
//tree.setBeanLabelField("groupName");
tree.setBeanLabelField("label");
+ tree.setEscapeHTML(true);
uiBreadcumbs.setBreadcumbsStyle("UIExplorerHistoryPath");
}
Modified:
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/account/UIGroupSelector.java
===================================================================
---
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/account/UIGroupSelector.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/account/UIGroupSelector.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -75,6 +75,7 @@
tree.setBeanIdField("id");
//tree.setBeanLabelField("groupName");
tree.setBeanLabelField("label");
+ tree.setEscapeHTML(true);
uiBreadcumbs.setBreadcumbsStyle("UIExplorerHistoryPath");
}
Modified:
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java
===================================================================
---
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -46,6 +46,7 @@
import org.exoplatform.webui.event.Event.Phase;
import org.exoplatform.webui.event.EventListener;
import org.exoplatform.webui.form.*;
+import org.exoplatform.webui.form.validator.NotHTMLTagValidator;
import org.exoplatform.webui.form.validator.ExpressionValidator;
import org.exoplatform.webui.form.validator.MandatoryValidator;
import org.exoplatform.webui.form.validator.StringLengthValidator;
@@ -97,7 +98,7 @@
addValidator(MandatoryValidator.class).setEditable(false)).
addUIFormInput(new UIFormStringInput("windowId", "windowId",
null).setEditable(false)).*/
addUIFormInput(new UIFormInputInfo("displayName",
"displayName", null)).addUIFormInput(
- new UIFormStringInput("title", "title",
null).addValidator(StringLengthValidator.class, 3,
60).addValidator(ExpressionValidator.class, "[^\\<\\>]*",
+ new UIFormStringInput("title", "title",
null).addValidator(StringLengthValidator.class, 3,
60).addValidator(NotHTMLTagValidator.class,
"UIPortletForm.msg.InvalidPortletTitle"))
.addUIFormInput(
new UIFormStringInput("width", "width",
null).addValidator(ExpressionValidator.class, "(^([1-9]\\d*)px$)?",
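Review bot: The title field drops the `[^\<\>]*` expression, which rejected any angle bracket, in favour of `NotHTMLTagValidator`, whose rule is not visible in this diff; if it only rejects well-formed tags, inputs such as a lone `<`, `&lt;script&gt;`, or a bracket split across the 3–60 character window pass validation that previously failed, so the rendering side must still encode the title on output rather than rely on this check. A short comment at the call site would make that intent explicit, e.g. `// input validation only; the title is entity-encoded where it is rendered`. If NotHTMLTagValidator is meant as a strict replacement, its test should cover those partial-bracket cases.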
@@ -107,8 +108,8 @@
new UIFormCheckBoxInput("showInfoBar", "showInfoBar",
false)).addUIFormInput(
new UIFormCheckBoxInput("showPortletMode",
"showPortletMode", false)).addUIFormInput(
new UIFormCheckBoxInput("showWindowState",
"showWindowState", false)).addUIFormInput(
- new UIFormTextAreaInput("description", "description",
null).addValidator(StringLengthValidator.class, 0,
- 255).addValidator(ExpressionValidator.class, "[^\\<\\>]*",
"UIPortletForm.msg.InvalidPortletDescription"));
+ new UIFormTextAreaInput("description",
"description", null).addValidator(StringLengthValidator.class,
+ 0, 255).addValidator(NotHTMLTagValidator.class,
"UIPortletForm.msg.InvalidPortletDescription"));
addUIFormInput(uiSettingSet);
UIFormInputIconSelector uiIconSelector = new
UIFormInputIconSelector("Icon", "icon");
addUIFormInput(uiIconSelector);
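Review bot: The description is a `UIFormTextAreaInput`, so its value can contain line breaks, while the replaced `[^\<\>]*` pattern was applied as a whole-value match; whether `NotHTMLTagValidator` uses a regex with `DOTALL`/`MULTILINE` (or otherwise handles a tag whose `<` and `>` sit on different lines) cannot be seen here and should be confirmed with a test containing a newline inside the tag. As with the title hunk above, the validator should be documented as a usability check, not the XSS control, with the description entity-encoded at render time.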
Modified:
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/page/UIPageBrowser.java
===================================================================
---
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/page/UIPageBrowser.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/page/UIPageBrowser.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -152,9 +152,13 @@
String title = titleInput.getValue();
String ownerType = select.getValue();
if (title != null && title != "")
- query.setTitle(title);
+ {
+ query.setTitle(title.trim());
+ }
if (siteName != null && siteName != "")
- query.setOwnerId(siteName);
+ {
+ query.setOwnerId(siteName.trim());
+ }
query.setOwnerType(ownerType);
query.setName(null);
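Review bot: The guards on the context lines above the new blocks compare with `title != ""` and `siteName != ""`, which is reference equality on String and is effectively always true, so an empty or whitespace-only value now reaches `setTitle("")`/`setOwnerId("")` after trimming instead of being skipped as the condition intends. Since the commit already adds the `trim()`, fold the emptiness check into it: `if (title != null && !title.trim().isEmpty())` and `if (siteName != null && !siteName.trim().isEmpty())`. The enclosing method starts before the hunk, so where `siteName` is read is not visible.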
Modified:
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/page/UIPageSearchForm.java
===================================================================
---
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/page/UIPageSearchForm.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/page/UIPageSearchForm.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -29,6 +29,7 @@
import org.exoplatform.webui.form.UIFormInputSet;
import org.exoplatform.webui.form.UIFormSelectBox;
import org.exoplatform.webui.form.UIFormStringInput;
+import org.exoplatform.webui.form.validator.ExpressionValidator;
import java.util.List;
@@ -50,7 +51,7 @@
{
UIFormInputSet uiQuickSearchSet = new UIFormInputSet(QUICK_SEARCH_SET);
uiQuickSearchSet.addUIFormInput(new UIFormStringInput("pageTitle",
"pageTitle", null));
- uiQuickSearchSet.addUIFormInput(new UIFormStringInput("siteName",
"siteName", null));
+ uiQuickSearchSet.addUIFormInput(new UIFormStringInput("siteName",
"siteName", null).addValidator(ExpressionValidator.class,
"[^\\'\"]*", "UISearchForm.msg.empty"));
uiQuickSearchSet.addUIFormInput(new UIFormSelectBox("searchOption", null,
null));
addChild(uiQuickSearchSet);
}
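Review bot: The new validator on `siteName` blocks only `'` and `"` via `[^\'\"]*`, which reads as a two-character denylist guarding some downstream query the hunk does not show; if the site name is concatenated into a query string, a denylist this narrow is fragile (backslashes, brackets and operators remain allowed) and an allowlist of identifier characters, like the `IdentifierValidator` used on the portal name in UIPortalForm, or a parameterised query is the safer shape. The message key `UISearchForm.msg.empty` also does not describe a quote-character rejection, so the user-facing text should be checked. `pageTitle` on the line above gets no validator at all; if that value flows into the same query, it needs the same treatment, otherwise a comment explaining why only `siteName` is restricted would help the next reader.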
Modified:
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalForm.java
===================================================================
---
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalForm.java 2011-10-03
10:08:26 UTC (rev 7597)
+++
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalForm.java 2011-10-03
10:18:22 UTC (rev 7598)
@@ -63,6 +63,7 @@
import org.exoplatform.webui.form.UIFormTabPane;
import org.exoplatform.webui.form.validator.IdentifierValidator;
import org.exoplatform.webui.form.validator.MandatoryValidator;
+import org.exoplatform.webui.form.validator.SpecialCharacterValidator;
import org.exoplatform.webui.form.validator.StringLengthValidator;
import org.exoplatform.webui.organization.UIListPermissionSelector;
import
org.exoplatform.webui.organization.UIListPermissionSelector.EmptyIteratorValidator;
@@ -242,7 +243,7 @@
new UIFormStringInput(FIELD_NAME, FIELD_NAME,
null).addValidator(MandatoryValidator.class).addValidator(
StringLengthValidator.class, 3,
30).addValidator(IdentifierValidator.class).setEditable(false));
- uiSettingSet.addUIFormInput(new UIFormStringInput(FIELD_LABEL, FIELD_LABEL,
null));
+ uiSettingSet.addUIFormInput(new UIFormStringInput(FIELD_LABEL, FIELD_LABEL,
null).addValidator(SpecialCharacterValidator.class));
uiSettingSet.addUIFormInput(new UIFormStringInput(FIELD_DESCRIPTION,
FIELD_DESCRIPTION, null));
uiSettingSet.addUIFormInput(new UIFormSelectBox(FIELD_LOCALE, FIELD_LOCALE,
languages).addValidator(MandatoryValidator.class));
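Review bot: `FIELD_LABEL` gains `SpecialCharacterValidator` while `FIELD_DESCRIPTION` on the very next line stays unvalidated, although both are free-text strings presumably rendered in the same places; either the description should get the same validator or the call site should carry a comment explaining why the label alone is restricted, e.g. `// label is restricted because it is rendered as a navigation title; description is encoded on output`. As with the other hunks, input validation here does not remove the need to entity-encode the label wherever it is rendered, and that rendering code is outside this diff.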