From 4d0d91d9cb408d0a323b18c1e5e609d74bdbba4c Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Tue, 1 Dec 2015 03:26:56 +0300 Subject: escape html in tags --- src/main/java/com/juick/rss/Main.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'src/main/java/com') diff --git a/src/main/java/com/juick/rss/Main.java b/src/main/java/com/juick/rss/Main.java index 9c0d803c..936c891d 100644 --- a/src/main/java/com/juick/rss/Main.java +++ b/src/main/java/com/juick/rss/Main.java @@ -171,7 +171,7 @@ public class Main extends HttpServlet { out.println("http://juick.com/" + msg.User.UName + "/" + msg.MID + ""); if (!msg.Tags.isEmpty()) { for (int n = 0; n < msg.Tags.size(); n++) { - out.println("" + msg.Tags.get(n) + ""); + out.println("" + escapeHtml(msg.Tags.get(n)) + ""); } } if (msg.AttachmentType != null) { @@ -273,10 +273,12 @@ public class Main extends HttpServlet { } private static Pattern regexLinks2 = Pattern.compile("((?<=\\s)|(?<=\\A))([\\[\\{]|<)((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\\"\\)\\!]+)/?(?:[^\\]\\}](?", ">"); + } + public static String formatMessage(String msg) { - msg = msg.replaceAll("&", "&"); - msg = msg.replaceAll("<", "<"); - msg = msg.replaceAll(">", ">"); + msg = escapeHtml(msg); // -- // — -- cgit v1.2.3