Properly escape fragment for HTML
authorJames Moger <james.moger@gitblit.com>
Thu, 22 Mar 2012 11:50:04 +0000 (07:50 -0400)
committerJames Moger <james.moger@gitblit.com>
Thu, 22 Mar 2012 11:50:04 +0000 (07:50 -0400)
src/com/gitblit/LuceneExecutor.java

index 7b6a879fdcf216baab7ac2b983f4234cb9bcd37e..5670d26bd6f7a30ecb6b74cfe8816e82175c49df 100644 (file)
@@ -176,7 +176,7 @@ public class LuceneExecutor implements Runnable {
         * @param repository\r
         *            the repository object\r
         */\r
-       protected void index(RepositoryModel model, Repository repository) {\r
+       private void index(RepositoryModel model, Repository repository) {\r
                try {\r
                        if (shouldReindex(repository)) {\r
                                // (re)build the entire index\r
@@ -337,7 +337,7 @@ public class LuceneExecutor implements Runnable {
         * @return tree\r
         * @throws IOException\r
         */\r
-       protected RevTree getTree(final RevWalk walk, final RevCommit commit)\r
+       private RevTree getTree(final RevWalk walk, final RevCommit commit)\r
                        throws IOException {\r
                final RevTree tree = commit.getTree();\r
                if (tree != null) {\r
@@ -377,7 +377,7 @@ public class LuceneExecutor implements Runnable {
         * @param repository\r
         * @return true of the on-disk index format is different than INDEX_VERSION\r
         */\r
-       protected boolean shouldReindex(Repository repository) {\r
+       private boolean shouldReindex(Repository repository) {\r
                try {\r
                        FileBasedConfig config = getConfig(repository);\r
                        config.load();\r
@@ -745,7 +745,7 @@ public class LuceneExecutor implements Runnable {
         * @param repository\r
         * @return IndexResult\r
         */\r
-       protected IndexResult updateIndex(RepositoryModel model, Repository repository) {\r
+       private IndexResult updateIndex(RepositoryModel model, Repository repository) {\r
                IndexResult result = new IndexResult();\r
                try {\r
                        FileBasedConfig config = getConfig(repository);\r
@@ -1126,8 +1126,8 @@ public class LuceneExecutor implements Runnable {
                Fragmenter fragmenter = new SimpleSpanFragmenter(scorer, fragmentLength); \r
 \r
                // use an artificial delimiter for the token\r
-               String termTag = "<!--[";\r
-               String termTagEnd = "]-->";\r
+               String termTag = "!!--[";\r
+               String termTagEnd = "]--!!";\r
                SimpleHTMLFormatter formatter = new SimpleHTMLFormatter(termTag, termTagEnd);\r
                Highlighter highlighter = new Highlighter(formatter, scorer);           \r
                highlighter.setTextFragmenter(fragmenter);\r
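Review bot: The new delimiter carries a constraint that the comment above it does not state: `termTag` and `termTagEnd` must pass through `StringUtils.escapeForHtml` unchanged, because the later hunk escapes the fragment first and only then swaps the delimiters for `<span>` tags. The old `<!--[` would presumably have been rewritten by the escaper and never matched, which looks like the reason for the change. I would extend the comment to something like `// artificial delimiter: must contain no HTML-special characters, it is replaced with <span> tags after the fragment is escaped`. The enclosing method starts and ends outside this hunk.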
@@ -1190,7 +1190,8 @@ public class LuceneExecutor implements Runnable {
                        sb.append(tag);\r
 \r
                        // replace the artificial delimiter with html tags\r
-                       String html = fragment.replace(termTag, "<span class=\"highlight\">").replace(termTagEnd, "</span>");\r
+                       String html = StringUtils.escapeForHtml(fragment, false);\r
+                       html = html.replace(termTag, "<span class=\"highlight\">").replace(termTagEnd, "</span>");\r
                        sb.append(html);\r
                        sb.append("</pre>");\r
                        if (i < len - 1) {\r
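Review bot: Indexed text that already contains the literal `!!--[` or `]--!!` is indistinguishable from a highlighter match once the fragment has been escaped, so the two `replace` calls will turn it into `<span class="highlight">` or a stray `</span>`. The inserted markup is fixed, so this affects markup balance inside the `<pre>` rather than letting content supply its own tags, but the output is still steered by repository content. If the processing between the highlighter and this loop (outside the hunk) does not depend on raw text, letting Lucene do the encoding would remove the delimiter step: `new Highlighter(formatter, new SimpleHTMLEncoder(), scorer)` with the real span tags in the formatter. Whether `tag`, appended just above, is built from escaped values cannot be seen from these lines and is worth checking in the same pass.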