octoleo/plantuml-server
1
0
Fork 0
mirror of https://github.com/octoleo/plantuml-server.git synced 2025-01-02 12:48:48 +00:00
Code Issues Releases Wiki Activity

textarea improvement

Browse Source
This commit is contained in:
Arnaud Roques 2022-01-22 13:03:15 +01:00
parent c8954cbe4a
commit 494dfba063
3 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
SECURITY.md Normal file
View File

@ -0,0 +1,12 @@
# Security Policy
## Reporting a Vulnerability
If you find any security concern, please send a mail to plantuml@gmail.com
with title **Security concern**.
We will then study the concern and will answer back by email.
Thanks!

38
src/main/java/net/sourceforge/plantuml/servlet/PlantUmlServlet.java
View File

@ -77,6 +77,44 @@ public class PlantUmlServlet extends HttpServlet {
OptionFlags.ALLOW_INCLUDE = true; OptionFlags.ALLOW_INCLUDE = true;
} }
} }
public static String stringToHTMLString(String string) {
final StringBuffer sb = new StringBuffer(string.length());
// true if last char was blank
final int length = string.length();
for (int offset = 0; offset < length; ) {
final int c = string.codePointAt(offset);
if (c == ' ')
sb.append(' ');
else if (c == '"')
sb.append("&quot;");
else if (c == '&')
sb.append("&amp;");
else if (c == '<')
sb.append("&lt;");
else if (c == '>')
sb.append("&gt;");
else if (c == '\r')
sb.append("\r");
else if (c == '\n')
sb.append("\n");
else {
int ci = 0xffffff & c;
if (ci < 160)
// nothing special only 7 Bit
sb.append((char)c);
else {
// Not 7 Bit use the unicode system
sb.append("&#");
sb.append(ci);
sb.append(';');
}
}
offset += Character.charCount(c);
}
return sb.toString();
}
@Override @Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {

2
src/main/webapp/index.jsp
View File

@ -57,7 +57,7 @@
<%-- CONTENT --%> <%-- CONTENT --%>
<form method="post" accept-charset="utf-8" action="<%= hostpath %>/form"> <form method="post" accept-charset="utf-8" action="<%= hostpath %>/form">
<p> <p>
<textarea id="text" name="text" cols="120" rows="10"><%= decoded %></textarea> <textarea id="text" name="text" cols="120" rows="10"><%= net.sourceforge.plantuml.servlet.PlantUmlServlet.stringToHTMLString(decoded) %></textarea>
<input type="submit" /> <input type="submit" />
</p> </p>
</form> </form>