
поправил XSS при обработке ссылок на l.o.r
maxcom committed Jun 11, 2015
1 parent e2ee103 commit f8faf72
Showing 2 changed files with 10 additions and 5 deletions.
Expand Up @@ -99,7 +99,6 @@ public String format(String text, boolean secure, boolean nofollow) {
public String format(String text, boolean secure, boolean nofollow, RuTypoChanger changer) {
String escapedText = StringUtil.escapeHtml(text);


StringTokenizer st = new StringTokenizer(escapedText, " \n", true);
StringBuilder sb = new StringBuilder();

Expand Down Expand Up @@ -137,7 +136,7 @@ public String memberURL(User user, boolean secure) throws URIException {
return (new URI(scheme, null, mainUri.getHost(), mainUri.getPort(), String.format("/people/%s/profile", user.getNick()))).getEscapedURIReference();
}

protected String formatURL(String line, boolean secure, boolean nofollow, RuTypoChanger changer) {
private String formatURL(String line, boolean secure, boolean nofollow, RuTypoChanger changer) {
StringBuilder out = new StringBuilder();
Matcher m = URL_PATTERN.matcher(line);
int index = 0;
Expand Down Expand Up @@ -219,7 +218,7 @@ private void processGenericLorUrl(
) throws URIException {
// ссылка внутри lorsource исправляем scheme
String fixedUrlHref = url.fixScheme(secure);
String fixedUrlBody = linktext!=null?simpleFormat(linktext):url.formatUrlBody(maxLength);
String fixedUrlBody = linktext!=null?simpleFormat(linktext):StringUtil.escapeHtml(url.formatUrlBody(maxLength));
out.append("<a href=\"").append(fixedUrlHref).append("\">").append(fixedUrlBody).append("</a>");
}

Expand Down Expand Up @@ -257,13 +256,13 @@ private void processMessageUrl(
out.append("<s>");
}

out.append("<a href=\"").append(newUrlHref).append("\" title=\"").append(urlTitle).append("\">").append(fixedUrlBody).append("</a>");
out.append("<a href=\"").append(newUrlHref).append("\" title=\"").append(urlTitle).append("\">").append(StringUtil.escapeHtml(fixedUrlBody)).append("</a>");

if (deleted) {
out.append("</s>");
}
} catch (MessageNotFoundException ex) {
out.append("<a href=\"").append(url.toString()).append("\">").append(url.formatUrlBody(maxLength)).append("</a>");
out.append("<a href=\"").append(url.toString()).append("\">").append(StringUtil.escapeHtml(url.formatUrlBody(maxLength))).append("</a>");
}
}
}
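Review bot: In the new `out.append("<a href=\"").append(newUrlHref).append("\" title=\"").append(urlTitle)...` line of `processMessageUrl`, `urlTitle` is still written into the `title` attribute unescaped while only the link body is now wrapped in `StringUtil.escapeHtml`; unless `urlTitle` is already escaped where it is built (outside this hunk), a quote or angle bracket in a message title still ends up raw inside the attribute, so `.append(StringUtil.escapeHtml(urlTitle))` would be the consistent fix. The same question applies to `newUrlHref`, `fixedUrlHref` and `url.toString()`, which reach the `href` attribute without escaping; if `URL_PATTERN` does not already exclude quote characters, escaping at the output point closes that gap as well. Note also that `processGenericLorUrl` escapes only the `formatUrlBody` branch at the source, whereas `processMessageUrl` escapes `fixedUrlBody` at the output — if `fixedUrlBody` there can also come from `simpleFormat(linktext)` (its assignment is outside the hunk), that branch is now double-encoded and deserves a unit test. Both `processGenericLorUrl` and `processMessageUrl` start outside the hunk.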
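--- a/src/test/java/ru/org/linux/util/HTMLFormatterTest.java
+++ b/src/test/java/ru/org/linux/util/HTMLFormatterTest.java
@@ -584,4 +584,10 @@ public void testQuotes() {
 
 }
 
+@Test
+public void encodeLorUrl() {
+assertEquals(
+"<p><a href=\"http://www.linux.org.ru/forum/linux%3C%3E-org-ru/\">www.linux.org.ru/forum/linux&lt;&gt;-org-ru/</a></p>",
+lorCodeService.parseComment("www.linux.org.ru/forum/linux%3C%3E-org-ru/", false, false));
+}
 }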
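Review bot: The new `encodeLorUrl` test appears to exercise only the generic l.o.r URL branch, while the commit also adds `StringUtil.escapeHtml` at two sites in `processMessageUrl` — the message-link body and the `MessageNotFoundException` fallback — which get no regression test. A second case using a message-style URL that carries `%3C%3E` (the fallback is presumably reachable with an id that does not exist) would pin those paths too. The expected string also encodes a non-obvious contract — the `href` keeps the percent-encoding while the visible body is decoded and then HTML-escaped — so a one-line comment above the assertion, `// href stays percent-encoded; link text is decoded, then HTML-escaped`, would make the test self-explaining.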

1 comment on commit f8faf72

@kloun
Contributor

@kloun kloun commented on f8faf72 Jun 11, 2015


РЕШЕТО
