summaryrefslogtreecommitdiffstats
path: root/buildhelpers
diff options
context:
space:
mode:
authorSara Seppola <sara@vaadin.com>2014-10-07 16:09:02 +0300
committerVaadin Code Review <review@vaadin.com>2014-10-09 16:20:23 +0000
commite84bdc22b1238c30b0cafc7dc3b6c84ef034f67b (patch)
treefca9c03558ed6840382c321aa96f5d390af437a7 /buildhelpers
parent15bd3fd1dcd01f273da94e9af4461eea843f0706 (diff)
downloadvaadin-framework-e84bdc22b1238c30b0cafc7dc3b6c84ef034f67b.tar.gz
vaadin-framework-e84bdc22b1238c30b0cafc7dc3b6c84ef034f67b.zip
Ticket summaries are now html-encoded (#14579)
Change-Id: Ia6a4342f6488da27310afe14421ef5af68e436bc
Diffstat (limited to 'buildhelpers')
-rw-r--r--buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java55
1 files changed, 49 insertions, 6 deletions
diff --git a/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java b/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java
index 497d8c0ff1..64ab86b84e 100644
--- a/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java
+++ b/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java
@@ -99,12 +99,9 @@ public class FetchReleaseNotesTickets {
continue;
}
String summary = fields[1];
- if (summary.startsWith("\"") && summary.endsWith("\"")) {
- // If a summary starts with " and ends with " then all quotes in
- // the summary are encoded as double quotes
- summary = summary.substring(1, summary.length() - 1);
- summary = summary.replace("\"\"", "\"");
- }
+
+ summary = modifySummaryString(summary);
+
String badge = "<td></td>";
if (fields.length >= 8 && !fields[7].equals("")) {
badge = "<td class=\"bfp\"><span class=\"bfp\">Priority</span></td>";
@@ -119,6 +116,52 @@ public class FetchReleaseNotesTickets {
urlStream.close();
}
+ private static String modifySummaryString(String summary) {
+
+ if (summary.startsWith("\"") && summary.endsWith("\"")) {
+ // If a summary starts with " and ends with " then all quotes in
+ // the summary are encoded as double quotes
+ summary = summary.substring(1, summary.length() - 1);
+ summary = summary.replace("\"\"", "\"");
+ }
+
+ // this is needed for escaping html
+ summary = escapeHtml(summary);
+
+ return summary;
+ }
+
+ /**
+ * @since
+ * @param string
+ * the string to be html-escaped
+ * @return string in html-escape format
+ */
+ private static String escapeHtml(String string) {
+
+ StringBuffer buf = new StringBuffer(string.length() * 2);
+
+ // we check the string character by character and escape only special
+ // characters
+ for (int i = 0; i < string.length(); ++i) {
+
+ char ch = string.charAt(i);
+ String charString = ch + "";
+
+ if ((charString).matches("[a-zA-Z0-9., ]")) {
+ // character is letter, digit, dot, comma or whitespace
+ buf.append(ch);
+ } else {
+ int charInt = ch;
+ buf.append("&");
+ buf.append("#");
+ buf.append(charInt);
+ buf.append(";");
+ }
+ }
+ return buf.toString();
+ }
+
private static void usage() {
System.err.println("Usage: "
+ FetchReleaseNotesTickets.class.getSimpleName()