DELTASPIKE-1389 further stricten dswid
struberg committed Oct 15, 2019
1 parent f9f0c6a commit beae6e1
Showing 3 changed files with 48 additions and 1 deletion.
Expand Up @@ -40,4 +40,39 @@ public static boolean isNotEmpty(String text)
{
return !isEmpty(text);
}

/**
* Remove any non-numeric, non-alphanumeric Characters in the given String
* @param val
* @return the original string but any non-numeric, non-alphanumeric is replaced with a '_'
*/
public static String removeSpecialChars(String val)
{
if (val == null)
{
return null;
}

int len = val.length();
char[] newBuf = new char[len];
val.getChars(0, len, newBuf, 0);
for (int i = 0; i < len; i++)
{
char c = newBuf[i];
if (c >= 'a' && c <= 'z' ||
c >= 'A' && c <= 'Z' ||
c >= '0' && c <= '9' ||
c == '-' ||
c == '_')
{
continue;
}

// every other char gets replaced with '_'
newBuf[i] = '_';
}

return new String(newBuf);
}

}
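Review bot: The Javadoc on `removeSpecialChars` does not match the filter below it: the loop keeps only ASCII `a-z`, `A-Z`, `0-9`, `-` and `_` and overwrites every other char with `_`, while the comment speaks of removing "non-numeric, non-alphanumeric" characters and leaves `@param val` empty. Because the same commit uses this method as the window-id sanitiser, the allowlist should be spelled out exactly, for example `Replaces every char other than ASCII letters, ASCII digits, '-' and '_' with '_'; the length of the text is unchanged.` together with `@param val the text to sanitise, may be null` and `@return the sanitised text, or null if val is null`. It is also worth saying that non-ASCII letters and digits are replaced, since a reader may take "alphanumeric" to be Unicode-aware.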
Expand Up @@ -32,4 +32,14 @@ public void emptyStringDetection()
Assert.assertTrue(StringUtils.isEmpty(" "));
Assert.assertFalse(StringUtils.isEmpty(" a "));
}

@Test
public void testRemoveSpecialChars() {
Assert.assertNull(StringUtils.removeSpecialChars(null));
Assert.assertEquals("abc_def", StringUtils.removeSpecialChars("abc def"));
Assert.assertEquals("a_c_def", StringUtils.removeSpecialChars("a_c def")); // not replace _
Assert.assertEquals("a-c_dex", StringUtils.removeSpecialChars("a-c dex")); // not replace -
Assert.assertEquals("a_c_def", StringUtils.removeSpecialChars("a\'c def"));
Assert.assertEquals("A_c_deX", StringUtils.removeSpecialChars("A#c deX"));
}
}
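Review bot: `testRemoveSpecialChars` never feeds in the characters that the `replace` chain in `sanitiseWindowId` handled, so nothing pins that `(`, `<` and `&` are still neutralised once the sanitiser is switched to the allowlist. I would add `Assert.assertEquals("a_b_c_d", StringUtils.removeSpecialChars("a(b<c&d"));` and the boundary case `Assert.assertEquals("", StringUtils.removeSpecialChars(""));`. A non-ASCII input such as `"\u00e9"` with the expected result `"_"` would additionally document that the filter is ASCII-only.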
Expand Up @@ -25,6 +25,8 @@
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;

import org.apache.deltaspike.core.util.StringUtils;
import org.apache.deltaspike.jsf.api.config.JsfModuleConfig;
import org.apache.deltaspike.jsf.impl.util.ClientWindowHelper;
import org.apache.deltaspike.jsf.spi.scope.window.ClientWindow;
Expand Down Expand Up @@ -103,7 +105,7 @@ public String getWindowId(FacesContext facesContext)
*/
protected String sanitiseWindowId(String windowId)
{
return windowId.replace('(', '_').replace('<', '_').replace('&', '_');
return StringUtils.removeSpecialChars(windowId);
}

protected abstract String getOrCreateWindowId(FacesContext facesContext);
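Review bot: `sanitiseWindowId` now returns null for a null `windowId`, because `removeSpecialChars` short-circuits on null, whereas the `replace` chain would have thrown; whether `getWindowId` can pass null here is outside the visible hunk, so its callers should be checked for a null result. The allowlist also leaves the length untouched, so if the id comes from the request (likely given the `HttpServletRequest` import, but not shown here) a length cap would complete the hardening, e.g. `if (windowId != null && windowId.length() > MAX_WINDOW_ID_LENGTH) { windowId = windowId.substring(0, MAX_WINDOW_ID_LENGTH); }`, where `MAX_WINDOW_ID_LENGTH` is a placeholder constant that this page does not define. The Javadoc above the method is cut off by the hunk and may still describe the old three-character replacement, so it should be re-read against the new behaviour.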