
Example 6 with OWASPAntiSamyXSSFilter

use of org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter in project openolat by klemens.

From class TextBoxListComponent, method getItemsAsString.

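/**
 * Returns the current items as a comma-separated list.<br />
 * Each key of {@link #getCurrentItems()} is run through the AntiSamy XSS
 * filter; keys that the filter reduces to whitespace are left out.
 *
 * @return The filtered items joined with ", ", or "" when there are none
 */
protected String getItemsAsString() {
    Map<String, String> content = getCurrentItems();
    if (content == null || content.isEmpty()) {
        return "";
    }
    // antisamy + escaping to prevent issue with the javascript code
    OWASPAntiSamyXSSFilter filter = new OWASPAntiSamyXSSFilter();
    List<String> filtered = new ArrayList<String>();
    for (String item : content.keySet()) {
        String antiItem = filter.filter(item);
        // a key that is blank after filtering carries nothing worth rendering
        if (StringHelper.containsNonWhitespace(antiItem)) {
            filtered.add(antiItem);
        }
    }
    return StringUtils.join(filtered, ", ");
}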

Example 7 with OWASPAntiSamyXSSFilter

use of org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter in project openolat by klemens.

From class MailController, method formattedBody.

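/**
 * Builds the body of the mail for rendering.
 * A plain-text body gets its line breaks turned into {@code <br />}; a body
 * that already is HTML is passed through unchanged. Either way the result is
 * run through the AntiSamy XSS filter before it is returned.
 *
 * @return The filtered body, or the filter's output for "" when the body is blank
 */
private String formattedBody() {
    String body = mail.getBody();
    String formattedBody;
    if (!StringHelper.containsNonWhitespace(body)) {
        formattedBody = "";
    } else if (StringHelper.isHtml(body)) {
        // html -> don't replace
        formattedBody = body;
    } else {
        // Windows line endings are "\r\n"; handle them (and the reversed pairing)
        // before bare "\n" so no stray '\r' is left in front of each <br />.
        formattedBody = body.replace("\r\n", "<br />").replace("\n\r", "<br />").replace("\n", "<br />");
    }
    // filter last so the inserted markup is checked together with the text
    return new OWASPAntiSamyXSSFilter().filter(formattedBody);
}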

Example 8 with OWASPAntiSamyXSSFilter

use of org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter in project OpenOLAT by OpenOLAT.

From class TextFlexiCellRenderer, method render.

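/**
 * Render Date type with Formatter depending on locale. Strings are written
 * according to {@code escapeHtml}: {@code antisamy} runs the AntiSamy XSS
 * filter, {@code html} HTML-escapes the string, {@code none} appends it
 * verbatim; when {@code escapeHtml} is null the string is HTML-escaped.
 * Booleans become a disabled checkbox, any other non-null value is rendered
 * with toString; a null cell renders nothing.
 *
 * @param renderer   unused
 * @param target     output the cell content is appended to
 * @param cellValue  the value of the cell, may be null
 * @param row        unused
 * @param source     unused
 * @param ubu        unused
 * @param translator supplies the locale used to format dates
 */
@Override
public void render(Renderer renderer, StringOutput target, Object cellValue, int row, FlexiTableComponent source, URLBuilder ubu, Translator translator) {
    if (cellValue instanceof Date) {
        Formatter formatter = Formatter.getInstance(translator.getLocale());
        target.append(formatter.formatDateAndTime((Date) cellValue));
    } else if (cellValue instanceof String) {
        String str = (String) cellValue;
        if (escapeHtml != null) {
            switch(escapeHtml) {
                case antisamy:
                    target.append(new OWASPAntiSamyXSSFilter().filter(str));
                    break;
                case html:
                    StringHelper.escapeHtml(target, str);
                    break;
                case none:
                    // raw output was explicitly requested: str is emitted unescaped
                    target.append(str);
                    break;
            }
        } else {
            // no mode configured: escape by default
            StringHelper.escapeHtml(target, str);
        }
    } else if (cellValue instanceof Boolean) {
        Boolean bool = (Boolean) cellValue;
        if (bool.booleanValue()) {
            target.append("<input type='checkbox' value='' checked='checked' disabled='disabled' />");
        } else {
            target.append("<input type='checkbox' value='' disabled='disabled' />");
        }
    } else if (cellValue != null) {
        target.append(cellValue.toString());
    }
}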

Example 9 with OWASPAntiSamyXSSFilter

use of org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter in project OpenOLAT by OpenOLAT.

From class TextBoxListComponent, method getItemsAsString.

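/**
 * Returns the current items as a comma-separated list.<br />
 * Each key of {@link #getCurrentItems()} is run through the AntiSamy XSS
 * filter; keys that the filter reduces to whitespace are left out.
 *
 * @return The filtered items joined with ", ", or "" when there are none
 */
protected String getItemsAsString() {
    Map<String, String> content = getCurrentItems();
    if (content == null || content.isEmpty()) {
        return "";
    }
    // antisamy + escaping to prevent issue with the javascript code
    OWASPAntiSamyXSSFilter filter = new OWASPAntiSamyXSSFilter();
    List<String> filtered = new ArrayList<String>();
    for (String item : content.keySet()) {
        String antiItem = filter.filter(item);
        // a key that is blank after filtering carries nothing worth rendering
        if (StringHelper.containsNonWhitespace(antiItem)) {
            filtered.add(antiItem);
        }
    }
    return StringUtils.join(filtered, ", ");
}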

Example 10 with OWASPAntiSamyXSSFilter

use of org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter in project OpenOLAT by OpenOLAT.

From class StringHelper, method xssScanForErrors.

/**
 * Scans a string with the AntiSamy XSS filter and reports whether the filter
 * recorded any errors. The filtered output itself is discarded.
 *
 * @param str the string to scan
 * @return true if the filter counted at least one error, false otherwise
 */
public static final boolean xssScanForErrors(String str) {
    OWASPAntiSamyXSSFilter xssFilter = new OWASPAntiSamyXSSFilter();
    // run the filter only for its error count
    xssFilter.filter(str);
    int errorCount = xssFilter.getNumOfErrors();
    return errorCount > 0;
}
