diff options
Diffstat (limited to 'server/src')
-rw-r--r-- | server/src/com/vaadin/ui/AbstractSelect.java | 10 | ||||
-rw-r--r-- | server/src/com/vaadin/ui/Button.java | 16 | ||||
-rw-r--r-- | server/src/com/vaadin/ui/Grid.java | 10 | ||||
-rw-r--r-- | server/src/com/vaadin/ui/Label.java | 14 | ||||
-rw-r--r-- | server/src/com/vaadin/ui/OptionGroup.java | 9 | ||||
-rw-r--r-- | server/src/com/vaadin/ui/Table.java | 12 | ||||
-rw-r--r-- | server/src/com/vaadin/ui/TextArea.java | 5 | ||||
-rw-r--r-- | server/src/com/vaadin/ui/declarative/DesignFormatter.java | 51 |
8 files changed, 107 insertions, 20 deletions
diff --git a/server/src/com/vaadin/ui/AbstractSelect.java b/server/src/com/vaadin/ui/AbstractSelect.java index fdf819f031..bbd486a8f9 100644 --- a/server/src/com/vaadin/ui/AbstractSelect.java +++ b/server/src/com/vaadin/ui/AbstractSelect.java @@ -55,6 +55,7 @@ import com.vaadin.shared.ui.dd.VerticalDropLocation; import com.vaadin.ui.declarative.DesignAttributeHandler; import com.vaadin.ui.declarative.DesignContext; import com.vaadin.ui.declarative.DesignException; +import com.vaadin.ui.declarative.DesignFormatter; /** * <p> @@ -2232,12 +2233,13 @@ public abstract class AbstractSelect extends AbstractField<Object> implements } String itemId; + String caption = DesignFormatter.unencodeFromTextNode(child.html()); if (child.hasAttr("item-id")) { itemId = child.attr("item-id"); addItem(itemId); - setItemCaption(itemId, child.html()); + setItemCaption(itemId, caption); } else { - addItem(itemId = child.html()); + addItem(itemId = caption); } if (child.hasAttr("icon")) { @@ -2300,10 +2302,10 @@ public abstract class AbstractSelect extends AbstractField<Object> implements String caption = getItemCaption(itemId); if (caption != null && !caption.equals(itemId.toString())) { - element.html(caption); + element.html(DesignFormatter.encodeForTextNode(caption)); element.attr("item-id", itemId.toString()); } else { - element.html(itemId.toString()); + element.html(DesignFormatter.encodeForTextNode(itemId.toString())); } Resource icon = getItemIcon(itemId); diff --git a/server/src/com/vaadin/ui/Button.java b/server/src/com/vaadin/ui/Button.java index a918780a60..e5ea05a1d3 100644 --- a/server/src/com/vaadin/ui/Button.java +++ b/server/src/com/vaadin/ui/Button.java @@ -22,9 +22,9 @@ import java.util.Collection; import org.jsoup.nodes.Attributes; import org.jsoup.nodes.Element; +import org.jsoup.parser.Parser; import com.vaadin.event.Action; -import com.vaadin.event.FieldEvents.FocusAndBlurServerRpcImpl; import com.vaadin.event.ShortcutAction; import com.vaadin.event.ShortcutAction.KeyCode; import com.vaadin.event.ShortcutAction.ModifierKey; @@ -35,6 +35,7 @@ import com.vaadin.shared.ui.button.ButtonServerRpc; import com.vaadin.shared.ui.button.ButtonState; import com.vaadin.ui.declarative.DesignAttributeHandler; import com.vaadin.ui.declarative.DesignContext; +import com.vaadin.ui.declarative.DesignFormatter; import com.vaadin.util.ReflectTools; /** @@ -573,14 +574,19 @@ public class Button extends AbstractFocusable implements public void readDesign(Element design, DesignContext designContext) { super.readDesign(design, designContext); Attributes attr = design.attributes(); - String content = design.html(); - setCaption(content); + String content; // plain-text (default is html) Boolean plain = DesignAttributeHandler.readAttribute( DESIGN_ATTR_PLAIN_TEXT, attr, Boolean.class); if (plain == null || !plain) { setHtmlContentAllowed(true); + content = design.html(); + } else { + // content is not intended to be interpreted as HTML, + // so html entities need to be decoded + content = DesignFormatter.unencodeFromTextNode(design.html()); } + setCaption(content); if (attr.hasKey("icon-alt")) { setIconAlternateText(DesignAttributeHandler.readAttribute( "icon-alt", attr, String.class)); @@ -630,6 +636,10 @@ public class Button extends AbstractFocusable implements // plain-text (default is html) if (!isHtmlContentAllowed()) { design.attr(DESIGN_ATTR_PLAIN_TEXT, ""); + // encode HTML entities + if (content != null) { + design.html(DesignFormatter.encodeForTextNode(content)); + } } // icon-alt DesignAttributeHandler.writeAttribute("icon-alt", attr, diff --git a/server/src/com/vaadin/ui/Grid.java b/server/src/com/vaadin/ui/Grid.java index f762fe0664..ab3708ee28 100644 --- a/server/src/com/vaadin/ui/Grid.java +++ b/server/src/com/vaadin/ui/Grid.java @@ -108,6 +108,7 @@ import com.vaadin.shared.util.SharedUtil; import com.vaadin.ui.declarative.DesignAttributeHandler; import com.vaadin.ui.declarative.DesignContext; import com.vaadin.ui.declarative.DesignException; +import com.vaadin.ui.declarative.DesignFormatter; import com.vaadin.ui.renderers.HtmlRenderer; import com.vaadin.ui.renderers.Renderer; import com.vaadin.ui.renderers.TextRenderer; @@ -2273,7 +2274,9 @@ public class Grid extends AbstractFocusable implements SelectionNotifier, setHtml(cellElement.html()); } } else { - setText(cellElement.html()); + // text – need to unescape HTML entities + setText(DesignFormatter.unencodeFromTextNode(cellElement + .html())); } } } @@ -4981,7 +4984,7 @@ public class Grid extends AbstractFocusable implements SelectionNotifier, /* * This method is a workaround for the fact that Vaadin re-applies * widget dimensions (height/width) on each state change event. The - * original design was to have setHeight an setHeightByRow be equals, + * original design was to have setHeight and setHeightByRow be equals, * and whichever was called the latest was considered in effect. * * But, because of Vaadin always calling setHeight on the widget, this @@ -6752,7 +6755,8 @@ public class Grid extends AbstractFocusable implements SelectionNotifier, Object value = datasource.getItem(itemId) .getItemProperty(c.getPropertyId()).getValue(); tableRow.appendElement("td").append( - (value != null ? value.toString() : "")); + (value != null ? DesignFormatter + .encodeForTextNode(value.toString()) : "")); } } } diff --git a/server/src/com/vaadin/ui/Label.java b/server/src/com/vaadin/ui/Label.java index a6ee11bdd5..0ead70933b 100644 --- a/server/src/com/vaadin/ui/Label.java +++ b/server/src/com/vaadin/ui/Label.java @@ -31,6 +31,7 @@ import com.vaadin.shared.ui.label.ContentMode; import com.vaadin.shared.ui.label.LabelState; import com.vaadin.shared.util.SharedUtil; import com.vaadin.ui.declarative.DesignContext; +import com.vaadin.ui.declarative.DesignFormatter; /** * Label component for showing non-editable short texts. @@ -585,14 +586,18 @@ public class Label extends AbstractComponent implements Property<String>, public void readDesign(Element design, DesignContext designContext) { super.readDesign(design, designContext); String innerHtml = design.html(); - if (innerHtml != null && !"".equals(innerHtml)) { - setValue(innerHtml); - } - if (design.hasAttr(DESIGN_ATTR_PLAIN_TEXT)) { + boolean plainText = design.hasAttr(DESIGN_ATTR_PLAIN_TEXT); + if (plainText) { setContentMode(ContentMode.TEXT); } else { setContentMode(ContentMode.HTML); } + if (innerHtml != null && !"".equals(innerHtml)) { + if (plainText) { + innerHtml = DesignFormatter.unencodeFromTextNode(innerHtml); + } + setValue(innerHtml); + } } /* @@ -625,6 +630,7 @@ public class Label extends AbstractComponent implements Property<String>, // plain-text (default is html) if (getContentMode() == ContentMode.TEXT) { design.attr(DESIGN_ATTR_PLAIN_TEXT, ""); + design.html(DesignFormatter.encodeForTextNode(getValue())); } } } diff --git a/server/src/com/vaadin/ui/OptionGroup.java b/server/src/com/vaadin/ui/OptionGroup.java index 10c263aca0..183fc36500 100644 --- a/server/src/com/vaadin/ui/OptionGroup.java +++ b/server/src/com/vaadin/ui/OptionGroup.java @@ -33,6 +33,7 @@ import com.vaadin.server.PaintException; import com.vaadin.server.PaintTarget; import com.vaadin.shared.ui.optiongroup.OptionGroupConstants; import com.vaadin.ui.declarative.DesignContext; +import com.vaadin.ui.declarative.DesignFormatter; /** * Configures select to be used as an option group. @@ -276,6 +277,14 @@ public class OptionGroup extends AbstractSelect implements if (!isItemEnabled(itemId)) { elem.attr("disabled", ""); } + if (isHtmlContentAllowed()) { + // need to unencode HTML entities. AbstractSelect.writeDesign can't + // check if HTML content is allowed, so it always encodes entities + // like '>', '<' and '&'; in case HTML content is allowed this is + // undesirable so we need to unencode entities. Entities other than + // '<' and '>' will be taken care by Jsoup. + elem.html(DesignFormatter.unencodeFromTextNode(elem.html())); + } return elem; } diff --git a/server/src/com/vaadin/ui/Table.java b/server/src/com/vaadin/ui/Table.java index 10d1c45ab6..5f22ec46ab 100644 --- a/server/src/com/vaadin/ui/Table.java +++ b/server/src/com/vaadin/ui/Table.java @@ -69,6 +69,7 @@ import com.vaadin.shared.util.SharedUtil; import com.vaadin.ui.declarative.DesignAttributeHandler; import com.vaadin.ui.declarative.DesignContext; import com.vaadin.ui.declarative.DesignException; +import com.vaadin.ui.declarative.DesignFormatter; import com.vaadin.util.ReflectTools; /** @@ -279,7 +280,7 @@ public class Table extends AbstractSelect implements Action.Container, ICON_ONLY(ItemCaptionMode.ICON_ONLY), /** * Row caption mode: Item captions are read from property specified with - * {@link #setItemCaptionPropertyId(Object)}. + * {@link #setItemCaptionPropertyId(Object)} . */ PROPERTY(ItemCaptionMode.PROPERTY); @@ -2055,7 +2056,9 @@ public class Table extends AbstractSelect implements Action.Container, } else if (minPageBufferIndex < pageBufferFirstIndex) { newCachedRowCount -= pageBufferFirstIndex - minPageBufferIndex; } - /* calculate the internal location of the new rows within the new cache */ + /* + * calculate the internal location of the new rows within the new cache + */ int firstIndexInNewPageBuffer = firstIndex - pageBufferFirstIndex - rowsFromBeginning; @@ -6199,7 +6202,8 @@ public class Table extends AbstractSelect implements Action.Container, } Iterator<?> propertyIt = propertyIds.iterator(); for (Element e : elems) { - String columnValue = e.html(); + String columnValue = DesignFormatter.unencodeFromTextNode(e + .html()); Object propertyId = propertyIt.next(); if (header) { setColumnHeader(propertyId, columnValue); @@ -6240,7 +6244,7 @@ public class Table extends AbstractSelect implements Action.Container, } Object[] data = new String[cells.size()]; for (int c = 0; c < cells.size(); ++c) { - data[c] = cells.get(c).html(); + data[c] = DesignFormatter.unencodeFromTextNode(cells.get(c).html()); } Object itemId = addItem(data, diff --git a/server/src/com/vaadin/ui/TextArea.java b/server/src/com/vaadin/ui/TextArea.java index b4dfb209e8..75ecc19d40 100644 --- a/server/src/com/vaadin/ui/TextArea.java +++ b/server/src/com/vaadin/ui/TextArea.java @@ -21,6 +21,7 @@ import org.jsoup.nodes.Element; import com.vaadin.data.Property; import com.vaadin.shared.ui.textarea.TextAreaState; import com.vaadin.ui.declarative.DesignContext; +import com.vaadin.ui.declarative.DesignFormatter; /** * A text field that supports multi line editing. @@ -145,7 +146,7 @@ public class TextArea extends AbstractTextField { @Override public void readDesign(Element design, DesignContext designContext) { super.readDesign(design, designContext); - setValue(design.html()); + setValue(DesignFormatter.unencodeFromTextNode(design.html())); } /* @@ -157,7 +158,7 @@ public class TextArea extends AbstractTextField { @Override public void writeDesign(Element design, DesignContext designContext) { super.writeDesign(design, designContext); - design.html(getValue()); + design.html(DesignFormatter.encodeForTextNode(getValue())); } @Override diff --git a/server/src/com/vaadin/ui/declarative/DesignFormatter.java b/server/src/com/vaadin/ui/declarative/DesignFormatter.java index 73c45caed4..db901329cb 100644 --- a/server/src/com/vaadin/ui/declarative/DesignFormatter.java +++ b/server/src/com/vaadin/ui/declarative/DesignFormatter.java @@ -28,12 +28,15 @@ import java.util.Set; import java.util.TimeZone; import java.util.concurrent.ConcurrentHashMap; +import org.jsoup.parser.Parser; + import com.vaadin.data.util.converter.Converter; import com.vaadin.data.util.converter.StringToBigDecimalConverter; import com.vaadin.data.util.converter.StringToDoubleConverter; import com.vaadin.data.util.converter.StringToFloatConverter; import com.vaadin.event.ShortcutAction; import com.vaadin.server.Resource; +import com.vaadin.ui.AbstractSelect; import com.vaadin.ui.declarative.converters.DesignDateConverter; import com.vaadin.ui.declarative.converters.DesignEnumConverter; import com.vaadin.ui.declarative.converters.DesignObjectConverter; @@ -360,4 +363,52 @@ public class DesignFormatter implements Serializable { return findConverterFor(sourceType, false); } + /** + * <p> + * Encodes <em>some</em> special characters in a given input String to make + * it ready to be written as contents of a text node. WARNING: this will + * e.g. encode "<someTag>" to "&lt;someTag&gt;" as this method + * doesn't do any parsing and assumes that there are no intended HTML + * elements in the input. Only some entities are actually encoded: + * &,<, > It's assumed that other entities are taken care of by + * Jsoup. + * </p> + * <p> + * Typically, this method will be used by components to encode data (like + * option items in {@link AbstractSelect}) when dumping to HTML format + * </p> + * + * @since + * @param input + * String to be encoded + * @return String with &,< and > replaced with their HTML entities + */ + public static String encodeForTextNode(String input) { + if (input == null) { + return null; + } + return input.replace("&", "&").replace(">", ">") + .replace("<", "<"); + } + + /** + * <p> + * Decodes HTML entities in a text from text node and replaces them with + * actual characters. + * </p> + * + * <p> + * Typically this method will be used by components to read back data (like + * option items in {@link AbstractSelect}) from HTML. Note that this method + * unencodes more characters than {@link #encodeForTextNode(String)} encodes + * </p> + * + * @since + * @param input + * @return + */ + public static String unencodeFromTextNode(String input) { + return Parser.unescapeEntities(input, false); + } + } |