From 14f111c2e3f20f563dfbe17181f77bfaa9cd57ef Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Sun, 28 Aug 2016 18:38:15 +0300
Subject: Tags: should be escaped in db and unescaped in templates

---
 juick-www/src/main/java/com/juick/www/NewMessage.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'juick-www/src/main/java/com/juick/www/NewMessage.java')

diff --git a/juick-www/src/main/java/com/juick/www/NewMessage.java b/juick-www/src/main/java/com/juick/www/NewMessage.java
index 56fe99cb..d45f1a4b 100644
--- a/juick-www/src/main/java/com/juick/www/NewMessage.java
+++ b/juick-www/src/main/java/com/juick/www/NewMessage.java
@@ -27,6 +27,7 @@ import com.juick.xmpp.extensions.JuickUser;
 import com.juick.xmpp.extensions.Nickname;
 import com.juick.xmpp.extensions.XOOB;
 import net.coobird.thumbnailator.Thumbnails;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.commons.lang3.math.NumberUtils;
 import org.springframework.jdbc.core.JdbcTemplate;

@@ -83,7 +84,7 @@ public class NewMessage {
 if (body.length() > 4096) {
 body = body.substring(0, 4096);
 }
- body = Utils.encodeHTML(body);
+ body = StringEscapeUtils.escapeHtml4(body);
 }
 out.println("


"); @@ -126,9 +127,9 @@ public class NewMessage { } String taglink = ""; try { - taglink = "" + Utils.encodeHTML(tags.get(i).getName()) + ""; + "\" title=\"" + tags.get(i).UsageCnt + "\">" + StringEscapeUtils.escapeHtml4(tags.get(i).getName()) + ""; } catch (UnsupportedEncodingException e) { } int usagecnt = tags.get(i).UsageCnt; -- cgit v1.2.3