author | Sara Seppola <sara@vaadin.com> | 2014-10-07 16:09:02 +0300 |
---|---|---|
committer | Sauli Tähkäpää <sauli@vaadin.com> | 2015-01-21 15:35:14 +0200 |
commit | f2b00865b06407f81616ecff94fa0c406596be6c (patch) | |
tree | 1041810ecb8521061e29c88388ef78cd3d7e23dd | |
parent | 1867787654354f73a4605e61d10fe9f0a1763c6b (diff) | |
Ticket summaries are now html-encoded (#14579)7.3.9
Change-Id: Ia6a4342f6488da27310afe14421ef5af68e436bc
-rw-r--r-- | buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java | 55 |
1 files changed, 49 insertions, 6 deletions
diff --git a/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java b/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java
index 497d8c0ff1..64ab86b84e 100644
--- a/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java
+++ b/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java
@@ -99,12 +99,9 @@ public class FetchReleaseNotesTickets {
 continue;
 }
 String summary = fields[1];
- if (summary.startsWith("\"") && summary.endsWith("\"")) {
- // If a summary starts with " and ends with " then all quotes in
- // the summary are encoded as double quotes
- summary = summary.substring(1, summary.length() - 1);
- summary = summary.replace("\"\"", "\"");
- }
+
+ summary = modifySummaryString(summary);
+
 String badge = "<td></td>";
 if (fields.length >= 8 && !fields[7].equals("")) {
 badge = "<td class=\"bfp\"><span class=\"bfp\">Priority</span></td>";
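Review bot: At the call site `summary = modifySummaryString(summary);` nothing tells the reader that `summary` holds HTML-escaped markup from this line on rather than raw ticket text, because the helper's name mentions neither the CSV unquoting nor the escaping. A name such as `unquoteAndEscapeSummary`, or a comment `// summary is HTML-escaped from here on; do not escape it again`, would keep a later edit from double-encoding it or from treating it as plain text. Whether the other `fields[...]` values written into the generated page are escaped cannot be seen from this hunk; the enclosing loop starts and ends outside it.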
@@ -119,6 +116,52 @@ public class FetchReleaseNotesTickets {
 urlStream.close();
 }
 
+ private static String modifySummaryString(String summary) {
+
+ if (summary.startsWith("\"") && summary.endsWith("\"")) {
+ // If a summary starts with " and ends with " then all quotes in
+ // the summary are encoded as double quotes
+ summary = summary.substring(1, summary.length() - 1);
+ summary = summary.replace("\"\"", "\"");
+ }
+
+ // this is needed for escaping html
+ summary = escapeHtml(summary);
+
+ return summary;
+ }
+
+ /**
+ * @since
+ * @param string
+ * the string to be html-escaped
+ * @return string in html-escape format
+ */
+ private static String escapeHtml(String string) {
+
+ StringBuffer buf = new StringBuffer(string.length() * 2);
+
+ // we check the string character by character and escape only special
+ // characters
+ for (int i = 0; i < string.length(); ++i) {
+
+ char ch = string.charAt(i);
+ String charString = ch + "";
+
+ if ((charString).matches("[a-zA-Z0-9., ]")) {
+ // character is letter, digit, dot, comma or whitespace
+ buf.append(ch);
+ } else {
+ int charInt = ch;
+ buf.append("&");
+ buf.append("#");
+ buf.append(charInt);
+ buf.append(";");
+ }
+ }
+ return buf.toString();
+ }
+
 private static void usage() {
 System.err.println("Usage: "
 + FetchReleaseNotesTickets.class.getSimpleName() |
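Review bot: `escapeHtml` walks the string one `char` at a time, so a character outside the BMP is written as two surrogate references (constructed example: U+1F600 becomes `&#55357;&#56832;`), which HTML parsers treat as invalid and render as U+FFFD. The allowlist-plus-numeric-reference approach is a sound default for untrusted ticket text and should stay; only the iteration needs to move to code points, as in the fence below. The same rewrite removes the per-character `String.matches` call, which recompiles the regex for every character, and swaps `StringBuffer` for `StringBuilder` since no synchronisation is needed here. The Javadoc `@since` tag is empty and should either name the release or be dropped.

```java
private static String escapeHtml(String string) {
    StringBuilder buf = new StringBuilder(string.length() * 2);
    // Walk code points, not chars, so a surrogate pair yields one reference.
    for (int i = 0; i < string.length();) {
        int cp = string.codePointAt(i);
        i += Character.charCount(cp);
        boolean plain = (cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z')
                || (cp >= '0' && cp <= '9')
                || cp == '.' || cp == ',' || cp == ' ';
        if (plain) {
            buf.append((char) cp);
        } else {
            buf.append("&#").append(cp).append(';');
        }
    }
    return buf.toString();
}
```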