path: root/src/main/java/com/gitblit/wicket/SafeTextModel.java
package com.gitblit.wicket;

import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.util.lang.Objects;
import org.parboiled.common.StringUtils;
import org.slf4j.LoggerFactory;

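/**
 * Wicket string model that passes its value through the application's XSS
 * filter every time it is read.
 *
 * <p>The raw value is stored unchanged by the constructors and by
 * {@link #setObject(String)}; filtering happens only in {@link #getObject()}.
 * Code that needs the filtered text must therefore go through
 * {@code getObject()}. {@link #hashCode()} and {@link #equals(Object)} work on
 * the raw, unfiltered value.
 */
public class SafeTextModel implements IModel<String> {

	private static final long serialVersionUID = 1L;

	/**
	 * Selects which method of the application's XSS filter is applied on read.
	 * What each filter allows is defined by the filter implementation, which is
	 * not part of this class.
	 */
	public enum Mode {
		relaxed, none
	}

	// Filter applied by getObject(); fixed for the lifetime of the model.
	private final Mode mode;

	// Raw, unfiltered value as supplied by the caller or the form.
	private String value;

	/**
	 * Creates an empty model that uses the {@link Mode#none} filter.
	 *
	 * @return a new model without a value
	 */
	public static SafeTextModel none() {
		return new SafeTextModel(Mode.none);
	}

	/**
	 * Creates a model that uses the {@link Mode#none} filter.
	 *
	 * @param value the initial raw value, may be {@code null}
	 * @return a new model holding {@code value}
	 */
	public static SafeTextModel none(String value) {
		return new SafeTextModel(value, Mode.none);
	}

	/**
	 * Creates an empty model that uses the {@link Mode#relaxed} filter.
	 *
	 * @return a new model without a value
	 */
	public static SafeTextModel relaxed() {
		return new SafeTextModel(Mode.relaxed);
	}

	/**
	 * Creates a model that uses the {@link Mode#relaxed} filter.
	 *
	 * @param value the initial raw value, may be {@code null}
	 * @return a new model holding {@code value}
	 */
	public static SafeTextModel relaxed(String value) {
		return new SafeTextModel(value, Mode.relaxed);
	}

	/**
	 * Creates an empty model.
	 *
	 * @param mode the filter to apply when the value is read
	 */
	public SafeTextModel(Mode mode) {
		this.mode = mode;
	}

	/**
	 * Creates a model with an initial value.
	 *
	 * @param value the initial raw value, may be {@code null}
	 * @param mode the filter to apply when the value is read
	 */
	public SafeTextModel(String value, Mode mode) {
		this.value = value;
		this.mode = mode;
	}

	/** Does nothing; the model holds no detachable state. */
	@Override
	public void detach() {
	}

	/**
	 * Returns the value after it has passed through the XSS filter.
	 *
	 * <p>An empty or {@code null} value is returned as is. Otherwise the value
	 * is filtered according to the model's {@link Mode}, and a warning is
	 * logged when the filter changed it.
	 *
	 * @return the filtered value, or the unchanged value when it is empty
	 */
	@Override
	public String getObject() {
		if (StringUtils.isEmpty(value)) {
			return value;
		}
		String safeValue;
		switch (mode) {
		case none:
			safeValue = GitBlitWebApp.get().xssFilter().none(value);
			break;
		default:
			// Every mode other than 'none' gets the relaxed filter.
			safeValue = GitBlitWebApp.get().xssFilter().relaxed(value);
			break;
		}
		if (!value.equals(safeValue)) {
			// The rejected value is attacker-controlled. Control characters are
			// escaped before logging so the value cannot start a new, forged log
			// line. The message text itself is kept as it was so that existing
			// log searches for it keep matching.
			// NOTE(review): the field may carry sensitive form data; confirm that
			// logging the full value is acceptable for every form that uses this model.
			LoggerFactory.getLogger(getClass()).warn("XSS filter trigggered on suspicious form field value {}",
					escapeForLog(value));
		}
		return safeValue;
	}

	/**
	 * Stores the raw input. No filtering happens here; it is applied when the
	 * value is read through {@link #getObject()}.
	 *
	 * @param input the new raw value, may be {@code null}
	 */
	@Override
	public void setObject(String input) {
		this.value = input;
	}

	/**
	 * Returns a hash code based on the raw value only, so models that are equal
	 * according to {@link #equals(Object)} share the same hash code.
	 */
	@Override
	public int hashCode()
	{
		return Objects.hashCode(value);
	}

	/**
	 * Compares this model with another object.
	 *
	 * <p>Another {@code SafeTextModel} is equal when it has the same mode and
	 * the same raw value. A Wicket {@link Model} is equal when its object
	 * equals this model's raw value; that comparison is one-directional and is
	 * kept for compatibility with existing callers.
	 *
	 * @param obj the object to compare with
	 * @return {@code true} when the objects are considered equal
	 */
	@Override
	public boolean equals(Object obj)
	{
		if (this == obj)
		{
			return true;
		}
		if (obj instanceof SafeTextModel)
		{
			// SafeTextModel is not a Model, so without this branch two distinct
			// instances could never be equal. The mode is part of the comparison
			// because it decides what getObject() returns.
			SafeTextModel other = (SafeTextModel)obj;
			return mode == other.mode && Objects.equal(value, other.value);
		}
		if (!(obj instanceof Model<?>))
		{
			return false;
		}
		Model<?> that = (Model<?>)obj;
		return Objects.equal(value, that.getObject());
	}

	/**
	 * Replaces ISO control characters and the Unicode line and paragraph
	 * separators with a visible {@code \\uXXXX} escape so that a logged value
	 * always stays on a single log line.
	 */
	private static String escapeForLog(String raw) {
		StringBuilder escaped = new StringBuilder(raw.length());
		for (int i = 0; i < raw.length(); i++) {
			char c = raw.charAt(i);
			if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029') {
				escaped.append(String.format("\\u%04x", (int) c));
			} else {
				escaped.append(c);
			}
		}
		return escaped.toString();
	}
}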