From c3f5d83b7beed8a523b8a851df742ef028de5efd Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Thu, 17 May 2018 22:26:14 +0300 Subject: fix unsafe urls stripping --- .../src/main/java/com/juick/util/MessageUtils.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'juick-common/src/main/java/com') diff --git a/juick-common/src/main/java/com/juick/util/MessageUtils.java b/juick-common/src/main/java/com/juick/util/MessageUtils.java index 5a4b05ca..c9796809 100644 --- a/juick-common/src/main/java/com/juick/util/MessageUtils.java +++ b/juick-common/src/main/java/com/juick/util/MessageUtils.java @@ -57,8 +57,12 @@ public class MessageUtils { return result; } - private final static String regexUrl = - "((?<=\\s)|(?<=\\A))((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\n\\\"]+)/?[^\\s\\n\\\"]*)"; + private final static String urlWhiteSpacePrefix = "((?<=\\s)|(?<=\\A))"; + + private final static String urlRegex = "((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\n\\\"]+)/?[^\\s\\n\\\"\\>]*)"; + + private final static String urlWithWhitespacesRegex = + urlWhiteSpacePrefix + urlRegex; private final static Pattern regexLinks2 = Pattern.compile("((?<=\\s)|(?<=\\A))([\\[\\{]|<)((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\\"\\)\\!]+)/?(?:[^\\]\\}](?http://juick.com/last?page=2 - msg = msg.replaceAll(regexUrl, "$1$2"); + msg = msg.replaceAll(urlWithWhitespacesRegex, "$1$2"); // (http://juick.com/last?page=2) // (http://juick.com/last?page=2) @@ -96,7 +100,7 @@ public class MessageUtils { // http://juick.com/last?page=2 // juick.com - msg = msg.replaceAll(regexUrl, "$1$3"); + msg = msg.replaceAll(urlWithWhitespacesRegex, "$1$3"); // [link text][http://juick.com/last?page=2] // link text @@ -276,7 +280,7 @@ public class MessageUtils { public static String stripNonSafeUrls(String input) { // strip login urls - Matcher urlMatcher = Pattern.compile(MessageUtils.regexUrl).matcher(input); + Matcher urlMatcher = Pattern.compile(MessageUtils.urlRegex).matcher(input); while (urlMatcher.find()) { URI uri = URI.create(urlMatcher.group(0)); if (uri.getHost().equals("juick.com")) { -- cgit v1.2.3