1
0
mirror of https://github.com/octoleo/plantuml-server.git synced 2025-01-04 21:45:19 +00:00

textarea improvement

This commit is contained in:
Arnaud Roques 2022-01-22 13:03:15 +01:00
parent c8954cbe4a
commit 494dfba063
3 changed files with 51 additions and 1 deletions

12
SECURITY.md Normal file
View File

@ -0,0 +1,12 @@
# Security Policy
## Reporting a Vulnerability
If you find any security concern, please send a mail to plantuml@gmail.com
with title **Security concern**.
We will then study the concern and will answer back by email.
Thanks!

View File

@ -78,6 +78,44 @@ public class PlantUmlServlet extends HttpServlet {
} }
} }
public static String stringToHTMLString(String string) {
final StringBuffer sb = new StringBuffer(string.length());
// true if last char was blank
final int length = string.length();
for (int offset = 0; offset < length; ) {
final int c = string.codePointAt(offset);
if (c == ' ')
sb.append(' ');
else if (c == '"')
sb.append("&quot;");
else if (c == '&')
sb.append("&amp;");
else if (c == '<')
sb.append("&lt;");
else if (c == '>')
sb.append("&gt;");
else if (c == '\r')
sb.append("\r");
else if (c == '\n')
sb.append("\n");
else {
int ci = 0xffffff & c;
if (ci < 160)
// nothing special only 7 Bit
sb.append((char)c);
else {
// Not 7 Bit use the unicode system
sb.append("&#");
sb.append(ci);
sb.append(';');
}
}
offset += Character.charCount(c);
}
return sb.toString();
}
@Override @Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
request.setCharacterEncoding("UTF-8"); request.setCharacterEncoding("UTF-8");

View File

@ -57,7 +57,7 @@
<%-- CONTENT --%> <%-- CONTENT --%>
<form method="post" accept-charset="utf-8" action="<%= hostpath %>/form"> <form method="post" accept-charset="utf-8" action="<%= hostpath %>/form">
<p> <p>
<textarea id="text" name="text" cols="120" rows="10"><%= decoded %></textarea> <textarea id="text" name="text" cols="120" rows="10"><%= net.sourceforge.plantuml.servlet.PlantUmlServlet.stringToHTMLString(decoded) %></textarea>
<input type="submit" /> <input type="submit" />
</p> </p>
</form> </form>