From 4d0d91d9cb408d0a323b18c1e5e609d74bdbba4c Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Tue, 1 Dec 2015 03:26:56 +0300
Subject: escape html in tags

---
 src/main/java/com/juick/rss/Main.java | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'src/main/java/com')

diff --git a/src/main/java/com/juick/rss/Main.java b/src/main/java/com/juick/rss/Main.java
index 9c0d803c..936c891d 100644
--- a/src/main/java/com/juick/rss/Main.java
+++ b/src/main/java/com/juick/rss/Main.java
@@ -171,7 +171,7 @@ public class Main extends HttpServlet {
                 out.println("<comments>http://juick.com/" + msg.User.UName + "/" + msg.MID + "</comments>");
                 if (!msg.Tags.isEmpty()) {
                     for (int n = 0; n < msg.Tags.size(); n++) {
-                        out.println("<category>" + msg.Tags.get(n) + "</category>");
+                        out.println("<category>" + escapeHtml(msg.Tags.get(n)) + "</category>");
                     }
                 }
                 if (msg.AttachmentType != null) {
@@ -273,10 +273,12 @@ public class Main extends HttpServlet {
     }
     private static Pattern regexLinks2 = Pattern.compile("((?<=\\s)|(?<=\\A))([\\[\\{]|&lt;)((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\\"\\)\\!]+)/?(?:[^\\]\\}](?<!&gt;))*)([\\]\\}]|&gt;)");
 
+    public static String escapeHtml(String input) {
+	return input.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;");
+    }
+
     public static String formatMessage(String msg) {
-        msg = msg.replaceAll("&", "&amp;");
-        msg = msg.replaceAll("<", "&lt;");
-        msg = msg.replaceAll(">", "&gt;");
+        msg = escapeHtml(msg);
 
         // --
         // &mdash;
-- 
cgit v1.2.3