Pasted as Diff by maloi ( 15 years ago )
Index: src/main/java/luxoft/csesb/controller/MonitorController.java
===================================================================
--- src/main/java/luxoft/csesb/controller/MonitorController.java (revision 1876)
+++ src/main/java/luxoft/csesb/controller/MonitorController.java (working copy)
@@ -6,6 +6,7 @@
import luxoft.csesb.model.Filter;
import luxoft.csesb.service.api.IAuditService;
+import luxoft.csesb.service.utils.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -67,13 +68,13 @@
@RequestMapping(method = RequestMethod.GET, value="/msgcontent")
public @ResponseBody String getMsgContent(@RequestParam(value = "msgId") long id,
ModelMap model) {
- return auditService.getMsgVal(id);
+ return StringUtils.escapeHtml(auditService.getMsgVal(id));
}
@RequestMapping(method = RequestMethod.GET, value="/tracecontent")
public @ResponseBody String getTraceContent(@RequestParam(value = "msgId") long id,
ModelMap model) {
- return auditService.getTraceVal(id);
+ return StringUtils.escapeHtml(auditService.getTraceVal(id));
}
public IAuditService getAuditService() {
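Review bot: getMsgContent and getTraceContent now return an HTML fragment rather than plain text, and nothing on the handlers says so. The main.jsp hunk further down changes the caller to `var html = data;` and passes it to `.html()`, so the `StringUtils.escapeHtml(...)` call here becomes the only escaping on that path. A comment above each handler would record the contract, for example `// Returns an HTML fragment already escaped by StringUtils.escapeHtml; the client inserts it with .html() and must not escape it again.` Any later endpoint feeding the same callback needs the same treatment.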
Index: src/main/java/luxoft/csesb/service/utils/StringUtils.java
===================================================================
--- src/main/java/luxoft/csesb/service/utils/StringUtils.java (revision 1876)
+++ src/main/java/luxoft/csesb/service/utils/StringUtils.java (working copy)
@@ -1,5 +1,10 @@
package luxoft.csesb.service.utils;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
public class StringUtils {
public static void replace(StringBuilder sb, String target, String replacement){
@@ -8,5 +13,27 @@
sb.replace(i, i+target.length(), replacement);
}
}
+
+ public static String escapeHtml(final String source){
+ if(source==null){
+ return null;
+ }else{
+ Matcher m = Pattern.compile("(\n *)", Pattern.DOTALL)
+ .matcher(StringEscapeUtils.escapeHtml(source));
+ StringBuffer sb = new StringBuffer();
+ while (m.find()) {
+ m.appendReplacement(sb, "$1");
+ int c = sb.lastIndexOf("\n");
+ StringBuffer sb2 = new StringBuffer("<br/>");
+ for(int i=1;i<sb.length()-c;++i){
+ sb2.append(" ");
+ }
+ sb.replace(c, sb.length()-1, sb2.toString());
+ }
+ m.appendTail(sb);
+ return sb.toString();
+
+ }
+ }
}
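Review bot: `sb.replace(c, sb.length()-1, sb2.toString())` stops one character short, because the end index of StringBuffer.replace is exclusive. A bare `\n` is therefore kept after the inserted `<br/>`, and an indented line keeps one of its original spaces on top of the padding the loop appends. `sb.replace(c, sb.length(), sb2.toString());` replaces the whole match. The method also deserves a Javadoc stating that it returns markup (`<br/>` plus padding) and is therefore only suitable for HTML element content. It should add that commons-lang 2.x `StringEscapeUtils.escapeHtml` leaves the apostrophe unescaped, which matters if the result is ever placed in a single-quoted attribute.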
Index: src/main/webapp/WEB-INF/pages/msg.jsp
===================================================================
--- src/main/webapp/WEB-INF/pages/msg.jsp (revision 1876)
+++ src/main/webapp/WEB-INF/pages/msg.jsp (working copy)
@@ -1,3 +1,5 @@
+<%@page import="luxoft.csesb.model.AuditMsg"%>
+<%@page import="luxoft.csesb.service.utils.StringUtils"%>
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
@@ -67,9 +69,9 @@
$(this).closest('th').css('width', '');
$(this).hide().parent().find('.show-all').show();
});
- $(".full-value").html(function(index, text){
- return text.replace(/\n( *)/g, function(str,p1){var str = '<br/>';for(i=0;i<p1.length;++i)str=str+' ';return str;});
- });
+// $(".full-value").html(function(index, text){
+// return text.replace(/\n( *)/g, function(str,p1){var str = '<br/>';for(i=0;i<p1.length;++i)str=str+' ';return str;});
+// });
});
[removed]
</head>
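Review bot: The three `//`-prefixed lines keep the old `.full-value` rewrite as dead code inside the script block. Line-break formatting is now done server-side by StringUtils.escapeHtml, so these lines should be deleted rather than commented out. Re-enabling them later would run the `\n` replacement a second time over markup that is already formatted. The enclosing script block starts outside the hunk.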
@@ -107,7 +109,7 @@
<tt:td>
<c:if test="${fn:length(transMsg.content) > 0}">
<span class="value"><c:out value="${fn:substring(transMsg.content,0,8)}"/>...</span>
- <div class="full-value" style="display:none;"><c:out value="${transMsg.content}"/></div>
+ <div class="full-value" style="display:none;"><%=StringUtils.escapeHtml(((AuditMsg)pageContext.getAttribute("transMsg")).getContent()) %></div>
</c:if>
</tt:td>
</sec:authorize>
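Review bot: The scriptlet `<%=StringUtils.escapeHtml(((AuditMsg)pageContext.getAttribute("transMsg")).getContent()) %>` depends on `transMsg` being a page-scoped AuditMsg, which is set outside the hunk. `pageContext.getAttribute(String)` reads page scope only, so a change to the loop variable's name or scope becomes a NullPointerException or ClassCastException at render time. This expression replaces `c:out` and is now the only escaping applied to the stored content in this div. A JSP comment beside it would help, for example `<%-- escapeHtml output is HTML-escaped and adds <br/>; do not wrap in c:out --%>`. The trace cell in the next hunk (`getTrace()`) has the same shape.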
@@ -121,7 +123,7 @@
<tt:td>
<c:if test="${fn:length(transMsg.trace) > 0}">
<span class="value"><c:out value="${fn:substring(transMsg.trace,0,8)}"/>...</span>
- <div class="full-value" style="display:none;"><c:out value="${transMsg.trace}"/></div>
+ <div class="full-value" style="display:none;"><%=StringUtils.escapeHtml(((AuditMsg)pageContext.getAttribute("transMsg")).getTrace()) %></div>
</c:if>
</tt:td>
</tt:table>
Index: src/main/webapp/WEB-INF/pages/main.jsp
===================================================================
--- src/main/webapp/WEB-INF/pages/main.jsp (revision 1876)
+++ src/main/webapp/WEB-INF/pages/main.jsp (working copy)
@@ -31,11 +31,6 @@
[removed][removed]
[removed][removed]
[removed]
- function escape(text) {
- return text.replace(/&/g, '&').replace(/</g, '<')
- .replace(/>/g, '>').replace(/'/g, ''').replace(/"/g, '"')
- .replace(/\n( *)/g, function(str,p1){var str = '<br/>';for(i=0;i<p1.length;++i)str=str+' ';return str;});
- }
var helper = {};
$(function(){
helper.parent = $('<div id="tracehelper"><h3></h3><div class="body"></div></div>').appendTo(document.body).hide();
@@ -186,7 +181,7 @@
td.parent().find('td').each(function(index,value) {
if ($(value).find('.trace-ajax').html() == id) thIndex = index+1;
});
- var html = escape(data);
+ var html = data;
td.find('.full-value').html(html);
showHelper(html,event.target);
},