diff options
author | Vitaly Takmazov | 2015-12-01 03:26:56 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2015-12-01 03:26:56 +0300 |
commit | 4d0d91d9cb408d0a323b18c1e5e609d74bdbba4c (patch) | |
tree | 9cb41a46232f8128106fa302a714c14c75fdc243 /src/main/java/com/juick/rss/Main.java | |
parent | 9487b904edb1619c7379c9f75d49fb5ee3743488 (diff) |
escape html in tags
Diffstat (limited to 'src/main/java/com/juick/rss/Main.java')
-rw-r--r-- | src/main/java/com/juick/rss/Main.java | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/main/java/com/juick/rss/Main.java b/src/main/java/com/juick/rss/Main.java index 9c0d803c..936c891d 100644 --- a/src/main/java/com/juick/rss/Main.java +++ b/src/main/java/com/juick/rss/Main.java @@ -171,7 +171,7 @@ public class Main extends HttpServlet { out.println("<comments>http://juick.com/" + msg.User.UName + "/" + msg.MID + "</comments>"); if (!msg.Tags.isEmpty()) { for (int n = 0; n < msg.Tags.size(); n++) { - out.println("<category>" + msg.Tags.get(n) + "</category>"); + out.println("<category>" + escapeHtml(msg.Tags.get(n)) + "</category>"); } } if (msg.AttachmentType != null) { @@ -273,10 +273,12 @@ public class Main extends HttpServlet { } private static Pattern regexLinks2 = Pattern.compile("((?<=\\s)|(?<=\\A))([\\[\\{]|<)((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\\"\\)\\!]+)/?(?:[^\\]\\}](?<!>))*)([\\]\\}]|>)"); + public static String escapeHtml(String input) { + return input.replaceAll("&", "&").replaceAll("<", "<").replaceAll(">", ">"); + } + public static String formatMessage(String msg) { - msg = msg.replaceAll("&", "&"); - msg = msg.replaceAll("<", "<"); - msg = msg.replaceAll(">", ">"); + msg = escapeHtml(msg); // -- // — |