
Commit 200651a

committed
Fixing problems around user notifications about the sanitation of data coming from WEB browser.
1 parent 4642d0e commit 200651a


3 files changed

+12
-4
lines changed


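--- a/core-war/src/main/java/org/silverpeas/web/notificationuser/control/UserNotificationWrapper.java
+++ b/core-war/src/main/java/org/silverpeas/web/notificationuser/control/UserNotificationWrapper.java
@@ -1,6 +1,5 @@
 package org.silverpeas.web.notificationuser.control;
 
-import org.owasp.encoder.Encode;
 import org.silverpeas.core.admin.user.model.User;
 import org.silverpeas.core.notification.user.UserNotification;
 import org.silverpeas.core.notification.user.client.GroupRecipient;
@@ -58,7 +57,7 @@ public UserNotificationWrapper setTitle(final String title) {
 final boolean isSimpleContents = metaData.getTemplateContents().isEmpty();
 final Map<String, String> simpleContents = metaData.getSimpleContents();
 for (String lang : DisplayI18NHelper.getLanguages()) {
-metaData.setTitle(Encode.forHtml(title), lang);
+metaData.setTitle(title, lang);
 if (isSimpleContents && isNotDefined(simpleContents.get(lang))) {
 final LocalizationBundle bundle = getLocalizationBundle(
 "org.silverpeas.alertUserPeas.multilang.alertUserPeasBundle", lang);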

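--- a/core-war/src/main/java/org/silverpeas/web/notificationuser/servlets/UserNotificationRequestRouter.java
+++ b/core-war/src/main/java/org/silverpeas/web/notificationuser/servlets/UserNotificationRequestRouter.java
@@ -129,7 +129,14 @@ private NotificationContext getNotificationContext(final HttpRequest request) {
 final HtmlSanitizer htmlSanitizer = HtmlSanitizer.get();
 while (parameters.hasMoreElements()) {
 final String name = parameters.nextElement();
-context.put(name, htmlSanitizer.sanitize(request.getParameter(name)));
+final String value = request.getParameter(name);
+boolean isBase64 = false;
+try {
+isBase64 = value != null && StringUtil.fromBase64(value).length > 0;
+} catch (Exception ignore) {
+// if not base64 encoded, value can be sanitized
+}
+context.put(name, isBase64 ? value : htmlSanitizer.sanitize(value));
 }
 return context;
 }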
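Review bot: In getNotificationContext the sanitizer is now skipped for any parameter whose value merely decodes as base64, so the pass-through is decided by what the client sends rather than by the server. Nothing in the hunk shows that `StringUtil.fromBase64` rejects characters outside the base64 alphabet; if it is lenient, a value carrying markup could still count as base64 and reach `context` unsanitized, and even with a strict decoder the decoded payload is never sanitized here. This matters more now that `UserNotificationWrapper.setTitle` in the same commit no longer applies `Encode.forHtml`, which leaves this loop as the only server-side filter visible in the change. I would limit the pass-through to the parameter names that are expected to carry base64, and add above the `context.put` call `// base64 values are stored as received; whoever decodes them must sanitize or encode the result`. The method begins before the hunk.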

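--- a/core-war/src/main/webapp/util/javaScript/silverpeas-user-notification.js
+++ b/core-war/src/main/webapp/util/javaScript/silverpeas-user-notification.js
@@ -27,6 +27,8 @@
 Silverpeas plugin which handles the behaviour about the user notification.
 */
 
+//# sourceURL=/util/javaScript/silverpeas-user-notification.js
+
 (function() {
 
 var $window = top.spLayout ? top.window : window;
@@ -232,7 +234,7 @@ Silverpeas plugin which handles the behaviour about the user notification.
 __notificationMonitor.newOne(userNotification);
 try {
 this.notifyOnDesktop(userNotification.sender, {
-body : userNotification.subject,
+body : userNotification.subject.unescapeHTML(),
 tag : userNotification.id,
 icon : DESKTOP_USER_NOTIFICATION_ICON_URL
 }, function(desktopNotification) {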
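Review bot: The new `userNotification.subject.unescapeHTML()` call assumes `subject` is always a string; an absent subject would throw inside the `try`, and depending on the catch block, which lies outside the hunk, the desktop notification could be dropped. `body : (userNotification.subject || '').unescapeHTML(),` keeps the notification when the subject is empty. Unescaping is only appropriate here because the notification body is displayed as plain text, so I would add `// unescaped for the plain-text notification body only; never insert this value into the DOM as HTML` above the line. The `try` block starts and ends outside the hunk.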
