diff options
author | Sara Seppola <sara@vaadin.com> | 2014-10-07 16:09:02 +0300 |
---|---|---|
committer | Vaadin Code Review <review@vaadin.com> | 2014-10-09 16:20:23 +0000 |
commit | e84bdc22b1238c30b0cafc7dc3b6c84ef034f67b (patch) | |
tree | fca9c03558ed6840382c321aa96f5d390af437a7 /buildhelpers | |
parent | 15bd3fd1dcd01f273da94e9af4461eea843f0706 (diff) | |
download | vaadin-framework-e84bdc22b1238c30b0cafc7dc3b6c84ef034f67b.tar.gz vaadin-framework-e84bdc22b1238c30b0cafc7dc3b6c84ef034f67b.zip |
Ticket summaries are now html-encoded (#14579)
Change-Id: Ia6a4342f6488da27310afe14421ef5af68e436bc
Diffstat (limited to 'buildhelpers')
-rw-r--r-- | buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java | 55 |
1 files changed, 49 insertions, 6 deletions
diff --git a/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java b/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java index 497d8c0ff1..64ab86b84e 100644 --- a/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java +++ b/buildhelpers/src/com/vaadin/buildhelpers/FetchReleaseNotesTickets.java @@ -99,12 +99,9 @@ public class FetchReleaseNotesTickets { continue; } String summary = fields[1]; - if (summary.startsWith("\"") && summary.endsWith("\"")) { - // If a summary starts with " and ends with " then all quotes in - // the summary are encoded as double quotes - summary = summary.substring(1, summary.length() - 1); - summary = summary.replace("\"\"", "\""); - } + + summary = modifySummaryString(summary); + String badge = "<td></td>"; if (fields.length >= 8 && !fields[7].equals("")) { badge = "<td class=\"bfp\"><span class=\"bfp\">Priority</span></td>"; @@ -119,6 +116,52 @@ public class FetchReleaseNotesTickets { urlStream.close(); } + private static String modifySummaryString(String summary) { + + if (summary.startsWith("\"") && summary.endsWith("\"")) { + // If a summary starts with " and ends with " then all quotes in + // the summary are encoded as double quotes + summary = summary.substring(1, summary.length() - 1); + summary = summary.replace("\"\"", "\""); + } + + // this is needed for escaping html + summary = escapeHtml(summary); + + return summary; + } + + /** + * @since + * @param string + * the string to be html-escaped + * @return string in html-escape format + */ + private static String escapeHtml(String string) { + + StringBuffer buf = new StringBuffer(string.length() * 2); + + // we check the string character by character and escape only special + // characters + for (int i = 0; i < string.length(); ++i) { + + char ch = string.charAt(i); + String charString = ch + ""; + + if ((charString).matches("[a-zA-Z0-9., ]")) { + // character is letter, digit, dot, comma or whitespace + buf.append(ch); + } else { + int charInt = ch; + buf.append("&"); + buf.append("#"); + buf.append(charInt); + buf.append(";"); + } + } + return buf.toString(); + } + private static void usage() { System.err.println("Usage: " + FetchReleaseNotesTickets.class.getSimpleName() |