authorGravatar Vitaly Takmazov2015-12-01 03:26:56 +0300
committerGravatar Vitaly Takmazov2015-12-01 03:26:56 +0300
commit4d0d91d9cb408d0a323b18c1e5e609d74bdbba4c (patch)
tree9cb41a46232f8128106fa302a714c14c75fdc243 /src/main/java/com/juick/rss/Main.java
parent9487b904edb1619c7379c9f75d49fb5ee3743488 (diff)
escape html in tags
Diffstat (limited to 'src/main/java/com/juick/rss/Main.java')
-rw-r--r--src/main/java/com/juick/rss/Main.java10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/main/java/com/juick/rss/Main.java b/src/main/java/com/juick/rss/Main.java
index 9c0d803c..936c891d 100644
--- a/src/main/java/com/juick/rss/Main.java
+++ b/src/main/java/com/juick/rss/Main.java
@@ -171,7 +171,7 @@ public class Main extends HttpServlet {
out.println("<comments>http://juick.com/" + msg.User.UName + "/" + msg.MID + "</comments>");
if (!msg.Tags.isEmpty()) {
for (int n = 0; n < msg.Tags.size(); n++) {
- out.println("<category>" + msg.Tags.get(n) + "</category>");
+ out.println("<category>" + escapeHtml(msg.Tags.get(n)) + "</category>");
}
}
if (msg.AttachmentType != null) {
@@ -273,10 +273,12 @@ public class Main extends HttpServlet {
}
private static Pattern regexLinks2 = Pattern.compile("((?<=\\s)|(?<=\\A))([\\[\\{]|&lt;)((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\\"\\)\\!]+)/?(?:[^\\]\\}](?<!&gt;))*)([\\]\\}]|&gt;)");
+ public static String escapeHtml(String input) {
+ return input.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;");
+ }
+
public static String formatMessage(String msg) {
- msg = msg.replaceAll("&", "&amp;");
- msg = msg.replaceAll("<", "&lt;");
- msg = msg.replaceAll(">", "&gt;");
+ msg = escapeHtml(msg);
// --
// &mdash;
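Review bot: The new `escapeHtml` escapes only `&`, `<` and `>`, which covers element text such as the `<category>` body in the first hunk but not attribute values, and a `public static` helper with this name is likely to be reused in that context. Either extend it to quotes, e.g. `.replace("\"", "&quot;").replace("'", "&#39;")`, or document the limit with a Javadoc line such as `/** Escapes &, < and > for XML/HTML element content only; not safe inside attribute values. */`. `replaceAll` treats its first argument as a regular expression, so `input.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")` is the literal form and keeps the required `&`-first order. A null `input` would throw a NullPointerException; whether a tag can be null is not visible in this hunk. The body of `formatMessage` continues outside the hunk.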