Changeset 1c3fc2b


Ignore:
Timestamp:
Jan 10, 2018 3:29:59 PM (3 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
cfbcd54
Parents:
d55a0c9
Message:

i2psnark: Fix double-escaping of '&' (ticket #2127)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java

    rd55a0c9 r1c3fc2b  
    27852785        String display;
    27862786        if (s.length() <= max)
    2787             display = DataHelper.escapeHTML(link);
     2787            display = escapeHTML2(link);
    27882788        else
    27892789            display = DataHelper.escapeHTML(s.substring(0, max)) + "&hellip;";
     
    28002800                .replace("<", "%3C").replace(">", "%3E")
    28012801                .replace("[", "%5B").replace("]", "%5D");
     2802    }
     2803
     2804    private static final String escapeChars[] = {"\"", "<", ">", "'"};
     2805    private static final String escapeCodes[] = {"&quot;", "&lt;", "&gt;", "&apos;"};
     2806
     2807    /**
     2808     * Modded from DataHelper.
     2809     * Does not escape ampersand. String must already have escaped ampersand.
     2810     * @param unescaped the unescaped string, non-null
     2811     * @return the escaped string
     2812     * @since 0.9.33
     2813     */
     2814    private static String escapeHTML2(String unescaped) {
     2815        String escaped = unescaped;
     2816        for (int i = 0; i < escapeChars.length; i++) {
     2817            escaped = escaped.replace(escapeChars[i], escapeCodes[i]);
     2818        }
     2819        return escaped;
    28022820    }
    28032821
Note: See TracChangeset for help on using the changeset viewer.