Pasted as Diff by maloi ( 15 years ago )
Index: src/main/java/luxoft/csesb/controller/MonitorController.java
===================================================================
--- src/main/java/luxoft/csesb/controller/MonitorController.java (revision 1876)
+++ src/main/java/luxoft/csesb/controller/MonitorController.java (working copy)
@@ -6,6 +6,7 @@
 
 import luxoft.csesb.model.Filter;
 import luxoft.csesb.service.api.IAuditService;
+import luxoft.csesb.service.utils.StringUtils;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -67,13 +68,13 @@
     @RequestMapping(method = RequestMethod.GET, value="/msgcontent")
     public @ResponseBody String getMsgContent(@RequestParam(value = "msgId") long id,
            ModelMap model) {
-     return auditService.getMsgVal(id);
+     return StringUtils.escapeHtml(auditService.getMsgVal(id));
     }
 
     @RequestMapping(method = RequestMethod.GET, value="/tracecontent")
     public @ResponseBody String getTraceContent(@RequestParam(value = "msgId") long id,
            ModelMap model) {
-     return auditService.getTraceVal(id);
+     return StringUtils.escapeHtml(auditService.getTraceVal(id));
     }
 
     public IAuditService getAuditService() {
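Review bot: Both handlers now return an HTML fragment (escaped text with `<br/>` line breaks) instead of the raw stored value, but neither the signature nor a comment says so, and any other consumer of `/msgcontent` or `/tracecontent` that treats the body as plain text will now show `&lt;` and `<br/>` literally. Add a Javadoc to each, e.g. `/** Returns the message content as an HTML fragment: HTML-escaped, newlines rendered as <br/>. Callers must insert it as HTML and must not re-escape it. */`. Note also that `StringUtils.escapeHtml` returns null for a null input, so a missing value yields an empty response body rather than an error; if callers should distinguish "not found", check the service result before escaping. The `model` parameter is unused in both methods, which is pre-existing but worth dropping while the lines are being touched.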
Index: src/main/java/luxoft/csesb/service/utils/StringUtils.java
===================================================================
--- src/main/java/luxoft/csesb/service/utils/StringUtils.java (revision 1876)
+++ src/main/java/luxoft/csesb/service/utils/StringUtils.java (working copy)
@@ -1,5 +1,10 @@
 package luxoft.csesb.service.utils;
 
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
 public class StringUtils {
  
  public static void replace(StringBuilder sb, String target, String replacement){
@@ -8,5 +13,27 @@
       sb.replace(i, i+target.length(), replacement);
      }
     }
+ 
+ public static String escapeHtml(final String source){
+  if(source==null){
+   return null;
+  }else{
+   Matcher m = Pattern.compile("(\n *)", Pattern.DOTALL)
+    .matcher(StringEscapeUtils.escapeHtml(source));
+   StringBuffer sb = new StringBuffer();
+   while (m.find()) {
+    m.appendReplacement(sb, "$1");
+    int c = sb.lastIndexOf("\n");
+    StringBuffer sb2 = new StringBuffer("<br/>");
+    for(int i=1;i<sb.length()-c;++i){
+     sb2.append(" ");
+    }
+    sb.replace(c, sb.length()-1, sb2.toString());
+   }
+   m.appendTail(sb);
+   return sb.toString();
+   
+  }
+ }
 
 }
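Review bot: `sb.replace(c, sb.length()-1, sb2.toString())` stops one character short of the end of the matched run, so the last matched character survives: a bare `\n` is kept after the inserted `<br/>`, and an indented line ends up with one extra space; the end index should be the buffer length, i.e. `sb.replace(c, sb.length(), sb2.toString());`. Commons-lang's `StringEscapeUtils.escapeHtml` does not escape the single quote, so the returned fragment is safe in element content (the `<div>`s and `.html()` calls in this patch) but must not be placed inside a single-quoted attribute; the method deserves a Javadoc stating that it returns an HTML fragment with `<br/>` line breaks, not plain text, and that it returns null for null. The `Pattern` is recompiled on every call and `DOTALL` has no effect on a pattern without `.`; hoist it to `private static final Pattern NEWLINE_INDENT = Pattern.compile("(\n *)");`. Unless the target container uses `white-space: pre`, the plain spaces appended after `<br/>` collapse in the browser, so if the intent is to preserve indentation they would need to be `&nbsp;`.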
Index: src/main/webapp/WEB-INF/pages/msg.jsp
===================================================================
--- src/main/webapp/WEB-INF/pages/msg.jsp (revision 1876)
+++ src/main/webapp/WEB-INF/pages/msg.jsp (working copy)
@@ -1,3 +1,5 @@
+<%@page import="luxoft.csesb.model.AuditMsg"%>
+<%@page import="luxoft.csesb.service.utils.StringUtils"%>
 <%@ page contentType="text/html; charset=UTF-8" %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
@@ -67,9 +69,9 @@
                 $(this).closest('th').css('width', '');
                 $(this).hide().parent().find('.show-all').show();
             });
-            $(".full-value").html(function(index, text){
-             return text.replace(/\n( *)/g, function(str,p1){var str = '<br/>';for(i=0;i<p1.length;++i)str=str+' ';return str;});
-            });
+//             $(".full-value").html(function(index, text){
+//              return text.replace(/\n( *)/g, function(str,p1){var str = '<br/>';for(i=0;i<p1.length;++i)str=str+' ';return str;});
+//             });
         });
     [removed]
 </head>
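Review bot: The client-side `.full-value` rewrite is commented out rather than removed, so dead code is still shipped to every browser and suggests to the next reader that newline handling still happens here. Delete the three `//` lines; version control keeps the history. If a marker is wanted, a single `// newline -> <br/> conversion is done server-side in StringUtils.escapeHtml` is clearer than the commented-out code. The enclosing `$(function(){ ... })` block starts outside the hunk.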
@@ -107,7 +109,7 @@
                     <tt:td>
                         <c:if test="${fn:length(transMsg.content) > 0}">
                             <span class="value"><c:out value="${fn:substring(transMsg.content,0,8)}"/>...</span>
-                            <div class="full-value" style="display:none;"><c:out value="${transMsg.content}"/></div>
+                            <div class="full-value" style="display:none;"><%=StringUtils.escapeHtml(((AuditMsg)pageContext.getAttribute("transMsg")).getContent()) %></div>
                         </c:if>
                     </tt:td>
                 </sec:authorize>
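Review bot: Replacing `<c:out>` with the scriptlet moves the whole output-encoding responsibility for this cell onto `StringUtils.escapeHtml`, which must escape before it adds `<br/>`; that holds only as long as the result lands in element content, since commons-lang's `escapeHtml` leaves the single quote alone. The `(AuditMsg)pageContext.getAttribute("transMsg")` cast also assumes the loop variable is page-scoped and of that type, so a missing or differently typed attribute now fails the render with a `NullPointerException`/`ClassCastException` instead of producing an empty cell. A scriptlet-free alternative is to expose `StringUtils.escapeHtml` as an EL function via a TLD and write `${util:escapeHtml(transMsg.content)}`; EL output in template text is not escaped by JSP itself, so the `<br/>` markup should survive, but confirm that against the container in use. The same applies to the trace cell in the following hunk; the enclosing loop that defines `transMsg` starts outside both hunks.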
@@ -121,7 +123,7 @@
                 <tt:td>
                     <c:if test="${fn:length(transMsg.trace) > 0}">
                         <span class="value"><c:out value="${fn:substring(transMsg.trace,0,8)}"/>...</span>
-                        <div class="full-value" style="display:none;"><c:out value="${transMsg.trace}"/></div>
+                        <div class="full-value" style="display:none;"><%=StringUtils.escapeHtml(((AuditMsg)pageContext.getAttribute("transMsg")).getTrace()) %></div>
                     </c:if>
                 </tt:td>
             </tt:table>
Index: src/main/webapp/WEB-INF/pages/main.jsp
===================================================================
--- src/main/webapp/WEB-INF/pages/main.jsp (revision 1876)
+++ src/main/webapp/WEB-INF/pages/main.jsp (working copy)
@@ -31,11 +31,6 @@
     [removed][removed]
     [removed][removed]
     [removed]
-      function escape(text) {
-         return text.replace(/&/g, '&').replace(/</g, '<')
-                 .replace(/>/g, '>').replace(/'/g, '&apos;').replace(/"/g, '"')
-     .replace(/\n( *)/g, function(str,p1){var str = '<br/>';for(i=0;i<p1.length;++i)str=str+' ';return str;});
-     }
       var helper = {};
   $(function(){
        helper.parent = $('<div id="tracehelper"><h3></h3><div class="body"></div></div>').appendTo(document.body).hide();
@@ -186,7 +181,7 @@
                         td.parent().find('td').each(function(index,value) {
                             if ($(value).find('.trace-ajax').html() == id) thIndex = index+1;
                         });
-                        var html = escape(data);
+                        var html = data;
                         td.find('.full-value').html(html);
                         showHelper(html,event.target);
                     },
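Review bot: `var html = data;` silently moves the entire output-encoding defence for this callback to the server: the response is injected with `.html(html)` and handed to `showHelper`, so whichever endpoint this request hits must return already-escaped HTML. Nothing at the call site records that contract; add `// data is already HTML-escaped by the server (StringUtils.escapeHtml); never insert an unescaped value here` above the line, or name the variable `var escapedHtml = data;` so the expectation is visible. The request that produces `data` is outside the hunk, so I cannot confirm it targets `/msgcontent` or `/tracecontent`; verify that no other response is routed into this handler. The enclosing callback and its surrounding function start outside the hunk.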

 
