
Escapes now HTML (JsonBuilder).

commit 5a6a25366491443b76e528a04a9e4ba26f08a83c 1 parent 422de35
@kreinhard kreinhard authored
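--- a/src/main/java/org/projectforge/web/core/JsonBuilder.java
+++ b/src/main/java/org/projectforge/web/core/JsonBuilder.java
@@ -31,6 +31,8 @@
 {
 final private StringBuilder sb = new StringBuilder();
+ private boolean escapeHtml;
+
 /**
 * Creates Json result string from the given list.<br/>
 * [["Horst"], ["Klaus"], ...]] // For single property<br/>
@@ -49,6 +51,16 @@ public static String buildToStringRows(final Collection< ? > col)
 return builder.append(col).getAsString();
 }
+ /**
+ * @param escapeHtml the escapeHtml to set (default is false).
+ * @return this for chaining.
+ */
+ public JsonBuilder setEscapeHtml(final boolean escapeHtml)
+ {
+ this.escapeHtml = escapeHtml;
+ return this;
+ }
+
 public String getAsString()
 {
 return sb.toString();
@@ -117,7 +129,32 @@ private String escapeString(final String string)
 t = "000" + Integer.toHexString(c);
 sb.append("\\u" + t.substring(t.length() - 4));
 } else {
- sb.append(c);
+ if (escapeHtml == true) {
+ switch (c) {
+ case '<':
+ sb.append("&lt;");
+ break;
+ case '>':
+ sb.append("&gt;");
+ break;
+ case '&':
+ sb.append("&amp;");
+ break;
+ case '"':
+ sb.append("&quot;");
+ break;
+ case '\'':
+ sb.append("&#x27;");
+ break;
+ case '/':
+ sb.append("&#x2F;");
+ break;
+ default:
+ sb.append(c);
+ }
+ } else {
+ sb.append(c);
+ }
 }
 }
 }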
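Review bot: The `'"'` and `'/'` cases of the new switch may never run, because the switch sits in the trailing `else` of `escapeString`, after the JSON escaping whose earlier branches are outside this hunk; if those branches already emit `\"` and `\/` for these characters, the client decodes them back to a raw `"` and `/`, and only `<`, `>`, `&` and `'` end up entity-encoded. Please confirm against the full method, and if so test `escapeHtml` before the JSON switch, or add `if (escapeHtml) { sb.append("&quot;"); break; }` at the top of the existing quote case. The `setEscapeHtml` Javadoc should also name the six characters that are replaced and state that the output is meant for HTML text or quoted-attribute sinks, since a consumer that assigns the value as plain text will display the entities literally. `if (escapeHtml == true)` can be written `if (escapeHtml)`.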
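--- a/src/main/java/org/projectforge/web/wicket/autocompletion/PFAutoCompleteBehavior.java
+++ b/src/main/java/org/projectforge/web/wicket/autocompletion/PFAutoCompleteBehavior.java
@@ -245,6 +245,11 @@ protected String formatLabel(final T value)
 private class MyJsonBuilder extends JsonBuilder
 {
+ private MyJsonBuilder()
+ {
+ setEscapeHtml(true);
+ }
+
 @SuppressWarnings("unchecked")
 @Override
 protected String formatValue(final Object obj)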
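Review bot: The new constructor turns on HTML escaping without saying which sink depends on it, so a later maintainer cannot tell whether the flag is safe to drop. A short comment such as `// Autocomplete results are inserted as markup by the client script; entity-encode every value.` would help, if that is indeed the reason (the client side is not visible in this commit). `formatValue` starts in this hunk but its body lies outside it, so please confirm that whatever it returns still passes through `escapeString` rather than being appended raw; values that take a raw path would skip the escaping this commit adds.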