
[FIXED JENKINS-10460] do not let raw html be imported from remote job…

… description
jieryn committed Oct 15, 2011
1 parent 18a1366 commit ec1711f1bd0ab146225bca3057a17ae7a4154828
Showing with 12 additions and 3 deletions.
  1. +1 −1 pom.xml
  2. +11 −2 src/main/java/org/jenkins/ci/plugins/jobimport/RemoteJob.java
@@ -31,7 +31,7 @@
<parent>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>plugin</artifactId>
<version>1.396</version>
<version>1.420</version>
<relativePath>../pom.xml</relativePath>
</parent>

@@ -24,6 +24,9 @@

package org.jenkins.ci.plugins.jobimport;

import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;

/**
* @author <a href="mailto:jieryn@gmail.com">Jesse Farinacci</a>
* @since 1.0
@@ -49,7 +52,7 @@ public RemoteJob(final String name, final String url, final String description)
super();
this.name = name;
this.url = url;
this.description = description;
this.description = cleanRemoteString(description);
}

public String getName() {
@@ -73,7 +76,7 @@ public String getDescription() {
}

public void setDescription(final String description) {
this.description = description;
this.description = cleanRemoteString(description);
}

public int compareTo(final RemoteJob other) {
@@ -107,4 +110,10 @@ public String toString() {
return new StringBuilder().append("RemoteJob: ").append(name).append(", ").append(url).append(", ")
.append(description).toString();
}

protected static final int MAX_STRLEN = 4096;

protected static final String cleanRemoteString(final String string) {
return StringUtils.substring(StringEscapeUtils.escapeHtml(string), 0, MAX_STRLEN);
}
}
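Review bot: Only `description` goes through `cleanRemoteString`; in the constructor hunk (-49,7) `this.name = name;` and `this.url = url;` still store the remote values unchanged, so if the view that lists remote jobs prints them without escaping, the markup problem this commit fixes for the description remains for those two fields. If `name` is display-only it could use the same helper, `this.name = cleanRemoteString(name);`, and `url` should be checked to be an http/https URL before it is used as a link target, because HTML escaping does not restrict the scheme. Separately, `cleanRemoteString` truncates after escaping, so the cut at `MAX_STRLEN` can fall inside an entity such as `&amp;` and leave a broken fragment; truncating first, `return StringEscapeUtils.escapeHtml(StringUtils.substring(string, 0, MAX_STRLEN));`, avoids that, at the cost of a stored value that can be longer than the limit. The helper also deserves a short Javadoc stating that the stored description is already HTML-escaped, so callers do not escape it a second time. The constructor and the class body begin outside the visible hunks, so how these fields are rendered is an assumption to confirm.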
