-rw-r--r-- | src/main/java/com/juick/rss/Main.java | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/main/java/com/juick/rss/Main.java b/src/main/java/com/juick/rss/Main.java
index 9c0d803c..936c891d 100644
--- a/src/main/java/com/juick/rss/Main.java
+++ b/src/main/java/com/juick/rss/Main.java
@@ -171,7 +171,7 @@ public class Main extends HttpServlet {
 out.println("<comments>http://juick.com/" + msg.User.UName + "/" + msg.MID + "</comments>");
 if (!msg.Tags.isEmpty()) {
 for (int n = 0; n < msg.Tags.size(); n++) {
- out.println("<category>" + msg.Tags.get(n) + "</category>");
+ out.println("<category>" + escapeHtml(msg.Tags.get(n)) + "</category>");
 }
 }
 if (msg.AttachmentType != null) {
@@ -273,10 +273,12 @@ public class Main extends HttpServlet {
 }
 private static Pattern regexLinks2 = Pattern.compile("((?<=\\s)|(?<=\\A))([\\[\\{]|<)((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\\"\\)\\!]+)/?(?:[^\\]\\}](?<!>))*)([\\]\\}]|>)");
+ public static String escapeHtml(String input) {
+ return input.replaceAll("&", "&").replaceAll("<", "<").replaceAll(">", ">");
+ }
+
 public static String formatMessage(String msg) {
- msg = msg.replaceAll("&", "&");
- msg = msg.replaceAll("<", "<");
- msg = msg.replaceAll(">", ">");
+ msg = escapeHtml(msg);
 // --
 // — |
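Review bot: As rendered here, `escapeHtml` replaces `&`, `<` and `>` with themselves, so the new `<category>` line in the first hunk would still emit the tag text verbatim into the feed; this is most likely the page's entity rendering collapsing the real `&amp;`, `&lt;`, `&gt;` replacement strings, but it should be confirmed against the checked-in file. Independently of that, `replaceAll` treats its first argument as a regex and its second as a replacement in which `$` and backslash are special, so the literal form `input.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")` is the clearer and safer choice. The unchanged context line just above the change still interpolates `msg.User.UName` and `msg.MID` into `<comments>` without escaping, so if a user name can contain `&` or `<` that element remains malformed XML after this commit. A one-line Javadoc on `escapeHtml` saying it escapes only the three element-content characters and not `"` (so it is not safe for attribute values) would document its intended use; `escapeHtml` itself is defined in the second hunk, which runs past the end of this page.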