textarea improvement

2024-11-17 17:55:12 +00:00 · 2022-01-22 13:03:15 +01:00 · 2022-01-22 13:03:15 +01:00 · 494dfba063
commit 494dfba063
parent c8954cbe4a
3 changed files with 51 additions and 1 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,12 @@
+# Security Policy
+
+
+
+## Reporting a Vulnerability
+
+If you find any security concern, please send a mail to plantuml@gmail.com
+with title **Security concern**.
+
+We will then study the concern and will answer back by email.
+
+Thanks!
--- a/src/main/java/net/sourceforge/plantuml/servlet/PlantUmlServlet.java
+++ b/src/main/java/net/sourceforge/plantuml/servlet/PlantUmlServlet.java
@ -77,6 +77,44 @@ public class PlantUmlServlet extends HttpServlet {
            OptionFlags.ALLOW_INCLUDE = true;
        }
    }
+    
+        public static String stringToHTMLString(String string) {
+            final StringBuffer sb = new StringBuffer(string.length());
+            // true if last char was blank
+            final int length = string.length();
+            for (int offset = 0; offset < length; ) {
+                final int c = string.codePointAt(offset);
+                if (c == ' ')
+                    sb.append(' ');
+                else if (c == '"')
+                    sb.append("&quot;");
+                else if (c == '&')
+                    sb.append("&amp;");
+                else if (c == '<')
+                    sb.append("&lt;");
+                else if (c == '>')
+                    sb.append("&gt;");
+                else if (c == '\r')
+                    sb.append("\r");
+                else if (c == '\n')
+                    sb.append("\n");
+                else {
+                    int ci = 0xffffff & c;
+                    if (ci < 160)
+                        // nothing special only 7 Bit
+                        sb.append((char)c);
+                    else {
+                        // Not 7 Bit use the unicode system
+                        sb.append("&#");
+                        sb.append(ci);
+                        sb.append(';');
+                    }
+                }
+                offset += Character.charCount(c);
+            }
+        return sb.toString();
+    }
+

    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
--- a/src/main/webapp/index.jsp
+++ b/src/main/webapp/index.jsp
@ -57,7 +57,7 @@
        <%-- CONTENT --%>
        <form method="post" accept-charset="utf-8"  action="<%= hostpath %>/form">
            <p>
-                <textarea id="text" name="text" cols="120" rows="10"><%= decoded %></textarea>
+                <textarea id="text" name="text" cols="120" rows="10"><%= net.sourceforge.plantuml.servlet.PlantUmlServlet.stringToHTMLString(decoded) %></textarea>
                <input type="submit" />
            </p>
        </form>