ISIS-3240: CalendarEventSemantics: properly escape string content
- also fixes html escape utility (wrong order of characters to be
processed)
andi-huber committed Oct 10, 2022
1 parent 33de85d commit 3422551
Showing 2 changed files with 26 additions and 8 deletions.
Expand Up @@ -26,17 +26,17 @@
final class _Strings_HtmlEscaper {

// as declared int guava's com.google.common.html.HtmlEscapers
// order matters: replace '&' first
private static final _Strings.KeyValuePair[] replacements = {
_Strings.pair("\"", """),
// Note: "'" is not defined in HTML 4.01.
_Strings.pair("'", "'"),
_Strings.pair("&", "&"),
_Strings.pair("<", "&lt;"),
_Strings.pair(">", "&gt;"),

_Strings.pair("\"", "&quot;"),
// Note: "&apos;" is not defined in HTML 4.01.
_Strings.pair("'", "&#39;"),
};

static String htmlEscape(String input) {
static String htmlEscape(final String input) {
if(_Strings.isEmpty(input)) {
return input;
}
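Review bot: The fix depends on `&` staying the first entry of `replacements`, and the new `// order matters: replace '&' first` comment does not say why, so a later reordering could silently bring back double-escaped output such as `&amp;quot;`. I would spell the reason out, e.g. `// order matters: '&' must be replaced first, otherwise the '&' of entities inserted by earlier pairs is escaped again`, and pin it with a unit test checking that `htmlEscape("&\"")` yields `&amp;&quot;`. The body of `htmlEscape` continues outside the hunk, so this assumes the pairs are applied one after another in array order. These five characters cover HTML element content and quoted attribute values; callers that place values into script, style or URL contexts need a different encoder.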
Expand Up @@ -133,20 +133,25 @@ public String titlePresentation(final Context context, final CalendarEvent value
}

private final Can<String> htmlTemplate = _Text.readLinesFromResource(this.getClass(),
"CalendarEvent.html", StandardCharsets.UTF_8);
"CalendarEvent.html", StandardCharsets.UTF_8)
.stream()
.skip(20)
.collect(Can.toCan());

@Override
public String htmlPresentation(final Context context, final CalendarEvent value) {
return renderHtml(value, v->{
val html = new _StringInterpolation(toMap(context, value))
val html = new _StringInterpolation(toMapHtmlEscaped(context, value))
.applyTo(htmlTemplate)
.stream()
.collect(Collectors.joining());
return html;
});
}

private Map<String, @NonNull String> toMap(final Context context, final CalendarEvent v) {
private Map<String, @NonNull String> toMap(
final Context context,
final CalendarEvent v) {
return Map.of(
"title", v.getTitle(),
"calendar-name", v.getCalendarName(),
Expand All @@ -156,6 +161,19 @@ public String htmlPresentation(final Context context, final CalendarEvent value)
"notes", _Strings.nullToEmpty(v.getNotes()));
}

private Map<String, @NonNull String> toMapHtmlEscaped(
final Context context,
final CalendarEvent v) {
return Map.of(
"title", _Strings.htmlEscape(v.getTitle()),
"calendar-name", _Strings.htmlEscape(v.getCalendarName()),
"timestamp", zonedDateTimeValueSemantics
.htmlPresentation(context,
v.asDateTime(context.getInteractionContext().getTimeZone())),
"notes", _Strings.htmlEscape(_Strings.nullToEmpty(v.getNotes())));
}


// -- EXAMPLES

@Override
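Review bot: In `toMapHtmlEscaped` the `timestamp` entry is the one value that reaches the template without `_Strings.htmlEscape`, so the output is only safe if `zonedDateTimeValueSemantics.htmlPresentation` always returns already-escaped markup; a comment such as `// already HTML, must not be escaped again` above that entry would make the trust assumption explicit. The unescaped `toMap` remains next to it with the same signature, so I would also mark it, e.g. `// plain-text values only; HTML rendering must use toMapHtmlEscaped`, to keep a later HTML code path from picking the wrong one. Whether entity escaping is sufficient depends on where `CalendarEvent.html` places these placeholders, which is not visible here: it holds for element content and quoted attributes, not for script or URL positions. The body of `toMap` is cut by the hunk boundary.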