Changeset 26561 for main/trunk

Timestamp:

2012-12-06T15:48:18+13:00 (11 years ago)

Author:

sjm84

Message:

Make sure angle brackets in attributes are properly escaped

File:

• main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/DebugService.java (modified) (6 diffs)

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/DebugService.java

@@ -16 +16 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
@@ -127 +129 @@
                     if (template.getAttribute("name").equals(nameToGet))
                     {
+                        fixAttributes(template);
+
                         Element requestedTemplate = this.doc.createElement("requestedNameTemplate");
                         requestedTemplate.appendChild(this.doc.importNode(template, true));
@@ -142 +146 @@
                     if (template.getAttribute("match").equals(matchToGet))
                     {
+                        fixAttributes(template);
+
                         Element requestedTemplate = this.doc.createElement("requestedMatchTemplate");
                         requestedTemplate.appendChild(this.doc.importNode(template, true));
@@ -151 +157 @@
 
         return result;
+    }
+
+    protected void fixAttributes(Element template)
+    {
+        NodeList nodes = template.getElementsByTagName("*");
+        for (int j = 0; j < nodes.getLength(); j++)
+        {
+            Node current = nodes.item(j);
+            NamedNodeMap attributes = current.getAttributes();
+            for (int k = 0; k < attributes.getLength(); k++)
+            {
+                Node currentAttr = attributes.item(k);
+                String value = currentAttr.getNodeValue();
+                if (value.contains("&") || value.contains("<") || value.contains(">"))
+                {
+                    currentAttr.setNodeValue(value.replace("&", "&amp;amp;").replace("<", "&lt;").replace(">", "&gt;"));
+                }
+            }
+        }
     }
 
@@ -207 +232 @@
             NodeList templateElems = xslDoc.getElementsByTagNameNS(fullNamespace, nodeName);
 
-            /*
-             * NodeList textElems =
-             * xslDoc.getElementsByTagNameNS(GSXML.XSL_NAMESPACE, "text"); for
-             * (int i = 0; i < textElems.getLength(); i++) {
-             * System.err.println("\n\n" + i + "\n\n" +
-             * GSXML.xmlNodeToString(textElems.item(i))); }
-             */
-
             boolean found = false;
             if (nameToSave != null && nameToSave.length() != 0)
@@ -225 +242 @@
                         try
                         {
-                            System.err.println(xml);
                             Element newTemplate = (Element) converter.getDOM("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"" + GSXML.XSL_NAMESPACE + "\" xmlns:java=\"" + GSXML.JAVA_NAMESPACE + "\" xmlns:util=\"" + GSXML.UTIL_NAMESPACE + "\" xmlns:gsf=\"" + GSXML.GSF_NAMESPACE + "\">" + xml + "</xsl:stylesheet>", "UTF-8").getDocumentElement().getElementsByTagNameNS(fullNamespace, nodeName).item(0);
                             template.getParentNode().replaceChild(xslDoc.importNode(newTemplate, true), template);