Example 1 with OWASPAntiSamyXSSFilter

Use of org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter in project OpenOLAT by OpenOLAT.

In the class SubscriptionListItem, method getHTMLContent.

private String getHTMLContent(Locale locale) {
    StringBuilder sb = new StringBuilder();
    Translator trans = Util.createPackageTranslator(ContextualSubscriptionController.class, locale);
    Formatter form = Formatter.getInstance(locale);
    String datePart = trans.translate("subscription.listitem.dateprefix", new String[] { form.formatDateAndTime(date) });
    sb.append("<li>");
    if (iconCssClass != null) {
        sb.append("<i class=\"o_icon o_icon-fw ");
        sb.append(iconCssClass);
        sb.append("\"></i>");
    }
    if (StringHelper.containsNonWhitespace(link)) {
        sb.append("<a href=\"");
        sb.append(link);
        sb.append("\">");
    }
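    if (StringHelper.containsNonWhitespace(description)) {
        // Only the description passes through the AntiSamy filter;
        // iconCssClass and link are appended to the markup as-is.
        sb.append(new OWASPAntiSamyXSSFilter().filter(description.trim()));
    }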
    if (StringHelper.containsNonWhitespace(link))
        sb.append("</a>");
    sb.append(" <span class='o_nowrap o_date'>").append(datePart.trim()).append("</span>");
    sb.append("</li>");
    return sb.toString();
}
Also used: OWASPAntiSamyXSSFilter (org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter), Translator (org.olat.core.gui.translator.Translator), Formatter (org.olat.core.util.Formatter)

Example 2 with OWASPAntiSamyXSSFilter

Use of org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter in project OpenOLAT by OpenOLAT.

In the class MailController, method formattedBody.

private String formattedBody() {
    String body = mail.getBody();
    String formattedBody;
    if (!StringHelper.containsNonWhitespace(body)) {
        formattedBody = "";
    } else if (StringHelper.isHtml(body)) {
        // html -> don't replace
        formattedBody = body;
    } else {
        // plain text: convert Windows (\r\n) and Unix (\n) line breaks to <br />
        formattedBody = body.replace("\r\n", "<br />").replace("\n", "<br />");
    }
    return new OWASPAntiSamyXSSFilter().filter(formattedBody);
}
Also used: OWASPAntiSamyXSSFilter (org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter)

Example 3 with OWASPAntiSamyXSSFilter

Use of org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter in project openolat by klemens.

In the class SubscriptionListItem, method getHTMLContent.

private String getHTMLContent(Locale locale) {
    StringBuilder sb = new StringBuilder();
    Translator trans = Util.createPackageTranslator(ContextualSubscriptionController.class, locale);
    Formatter form = Formatter.getInstance(locale);
    String datePart = trans.translate("subscription.listitem.dateprefix", new String[] { form.formatDateAndTime(date) });
    sb.append("<li>");
    if (iconCssClass != null) {
        sb.append("<i class=\"o_icon o_icon-fw ");
        sb.append(iconCssClass);
        sb.append("\"></i>");
    }
    if (StringHelper.containsNonWhitespace(link)) {
        sb.append("<a href=\"");
        sb.append(link);
        sb.append("\">");
    }
    if (StringHelper.containsNonWhitespace(description)) {
        sb.append(new OWASPAntiSamyXSSFilter().filter(description.trim()));
    }
    if (StringHelper.containsNonWhitespace(link))
        sb.append("</a>");
    sb.append(" <span class='o_nowrap o_date'>").append(datePart.trim()).append("</span>");
    sb.append("</li>");
    return sb.toString();
}
Also used: OWASPAntiSamyXSSFilter (org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter), Translator (org.olat.core.gui.translator.Translator), Formatter (org.olat.core.util.Formatter)

Example 4 with OWASPAntiSamyXSSFilter

Use of org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter in project openolat by klemens.

In the class TextFlexiCellRenderer, method render.

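/**
 * Render Date values with the locale's Formatter, String values according to the
 * configured escapeHtml mode (AntiSamy filter, HTML escaping, or none; HTML escaping
 * when no mode is set), Boolean values as disabled checkboxes, and all other types
 * with toString.
 * @param target the output the rendered cell is appended to
 * @param cellValue the value to render
 * @param translator supplies the locale used for date formatting
 */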
@Override
public void render(Renderer renderer, StringOutput target, Object cellValue, int row, FlexiTableComponent source, URLBuilder ubu, Translator translator) {
    if (cellValue instanceof Date) {
        Formatter formatter = Formatter.getInstance(translator.getLocale());
        target.append(formatter.formatDateAndTime((Date) cellValue));
    } else if (cellValue instanceof String) {
        String str = (String) cellValue;
        if (escapeHtml != null) {
            switch(escapeHtml) {
                case antisamy:
                    target.append(new OWASPAntiSamyXSSFilter().filter(str));
                    break;
                case html:
                    StringHelper.escapeHtml(target, str);
                    break;
                case none:
                    target.append(str);
                    break;
            }
        } else {
            StringHelper.escapeHtml(target, str);
        }
    } else if (cellValue instanceof Boolean) {
        Boolean bool = (Boolean) cellValue;
        if (bool.booleanValue()) {
            target.append("<input type='checkbox' value='' checked='checked' disabled='disabled' />");
        } else {
            target.append("<input type='checkbox' value='' disabled='disabled' />");
        }
    } else if (cellValue != null) {
        target.append(cellValue.toString());
    }
}
Also used: OWASPAntiSamyXSSFilter (org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter), Formatter (org.olat.core.util.Formatter), Date (java.util.Date)

Example 5 with OWASPAntiSamyXSSFilter

Use of org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter in project openolat by klemens.

In the class StringHelper, method xssScanForErrors.

public static final boolean xssScanForErrors(String str) {
    OWASPAntiSamyXSSFilter filter = new OWASPAntiSamyXSSFilter();
    // The filtered output is discarded; the filter is run only so that
    // its error count can be read afterwards.
    filter.filter(str);
    return filter.getNumOfErrors() > 0;
}
Also used: OWASPAntiSamyXSSFilter (org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter)

Aggregations

OWASPAntiSamyXSSFilter (org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter): 10
Formatter (org.olat.core.util.Formatter): 4
ArrayList (java.util.ArrayList): 2
Date (java.util.Date): 2
Translator (org.olat.core.gui.translator.Translator): 2