From ed7b6454e4c33c7b82c8d02c839727a16c2386fe Mon Sep 17 00:00:00 2001 From: Danny van Heumen Date: Fri, 1 Aug 2014 20:42:17 +0200 Subject: [PATCH] Escape html entities while parsing the IRC message. Now escapes html entities during the parsing of the message received from IRC and added a unit test for this requirement. Renamed format* methods to styleAs*, since this is more appropriate. --- .../protocol/irc/FormattedTextBuilder.java | 6 ++++ .../impl/protocol/irc/IrcStack.java | 16 ++++++---- .../communicator/impl/protocol/irc/Utils.java | 15 +++++----- .../protocol/irc/irc.provider.manifest.mf | 3 +- .../impl/protocol/irc/UtilsTest.java | 29 +++++++++---------- 5 files changed, 38 insertions(+), 31 deletions(-) diff --git a/src/net/java/sip/communicator/impl/protocol/irc/FormattedTextBuilder.java b/src/net/java/sip/communicator/impl/protocol/irc/FormattedTextBuilder.java index ed36cb027..18d750713 100644 --- a/src/net/java/sip/communicator/impl/protocol/irc/FormattedTextBuilder.java +++ b/src/net/java/sip/communicator/impl/protocol/irc/FormattedTextBuilder.java @@ -28,6 +28,9 @@ public class FormattedTextBuilder /** * Append a string of text. * + * Make sure that the text is safe for your purposes, as it is appended + * without further modifications. + * * @param text string of text */ public void append(final String text) @@ -38,6 +41,9 @@ public void append(final String text) /** * Append a character. * + * Make sure that the character is safe for your purposes, as it is appended + * without further modifications. + * * @param c character */ public void append(final char c) diff --git a/src/net/java/sip/communicator/impl/protocol/irc/IrcStack.java b/src/net/java/sip/communicator/impl/protocol/irc/IrcStack.java index fa1446fdb..28379455c 100644 --- a/src/net/java/sip/communicator/impl/protocol/irc/IrcStack.java +++ b/src/net/java/sip/communicator/impl/protocol/irc/IrcStack.java 
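Review bot: "Safe for your purposes" in the two new `append` Javadoc paragraphs does not tell a caller what is actually required. If the builder's output is rendered as HTML, as the rest of this patch suggests, the comment should say so directly, for example `The text is appended verbatim; callers must HTML-escape untrusted input before calling.` The same sentence, with "character" in place of "text", fits `append(final char c)`.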
@@ -1259,7 +1259,8 @@ public void onError(final ErrorMessage msg) public void onUserPrivMessage(final UserPrivMsg msg) { final String user = msg.getSource().getNick(); - final String text = Utils.formatMessage(Utils.parseIrcMessage(msg.getText())); + final String text = + Utils.styleAsMessage(Utils.parseIrcMessage(msg.getText())); final MessageIrcImpl message = new MessageIrcImpl(text, OperationSetBasicInstantMessaging.HTML_MIME_TYPE, @@ -1302,7 +1303,7 @@ public void onUserNotice(final UserNotice msg) // Jitsi set up. final String user = msg.getSource().getNick(); final String text = - Utils.formatNotice(Utils.parseIrcMessage(msg.getText()), user); + Utils.styleAsNotice(Utils.parseIrcMessage(msg.getText()), user); final MessageIrcImpl message = new MessageIrcImpl(text, OperationSetBasicInstantMessaging.HTML_MIME_TYPE, @@ -1326,7 +1327,7 @@ public void onUserAction(final UserActionMsg msg) { final String user = msg.getSource().getNick(); final String text = - Utils.formatAction(Utils.parseIrcMessage(msg.getText()), user); + Utils.styleAsAction(Utils.parseIrcMessage(msg.getText()), user); final MessageIrcImpl message = new MessageIrcImpl(text, OperationSetBasicInstantMessaging.HTML_MIME_TYPE, @@ -1707,7 +1708,8 @@ public void onChannelMessage(final ChannelPrivMsg msg) return; } - String text = Utils.formatMessage(Utils.parseIrcMessage(msg.getText())); + String text = + Utils.styleAsMessage(Utils.parseIrcMessage(msg.getText())); MessageIrcImpl message = new MessageIrcImpl(text, "text/html", "UTF-8", null); ChatRoomMemberIrcImpl member = 
@@ -1736,7 +1738,8 @@ public void onChannelAction(final ChannelActionMsg msg) new ChatRoomMemberIrcImpl(IrcStack.this.provider, this.chatroom, userNick, ChatRoomMemberRole.MEMBER); String text = - Utils.formatAction(Utils.parseIrcMessage(msg.getText()), userNick); + Utils.styleAsAction(Utils.parseIrcMessage(msg.getText()), + userNick); MessageIrcImpl message = new MessageIrcImpl(text, "text/html", "UTF-8", null); this.chatroom.fireMessageReceivedEvent(message, member, new Date(), @@ -1761,7 +1764,8 @@ public void onChannelNotice(final ChannelNotice msg) new ChatRoomMemberIrcImpl(IrcStack.this.provider, this.chatroom, userNick, ChatRoomMemberRole.MEMBER); final String text = - Utils.formatNotice(Utils.parseIrcMessage(msg.getText()), userNick); + Utils.styleAsNotice(Utils.parseIrcMessage(msg.getText()), + userNick); final MessageIrcImpl message = new MessageIrcImpl(text, "text/html", "UTF-8", null); this.chatroom.fireMessageReceivedEvent(message, member, new Date(), diff --git a/src/net/java/sip/communicator/impl/protocol/irc/Utils.java b/src/net/java/sip/communicator/impl/protocol/irc/Utils.java index 00550aabb..d033947d5 100644 --- a/src/net/java/sip/communicator/impl/protocol/irc/Utils.java +++ b/src/net/java/sip/communicator/impl/protocol/irc/Utils.java @@ -8,6 +8,8 @@ import net.java.sip.communicator.util.*; +import org.apache.commons.lang3.*; + /** * Some IRC-related utility methods. * @@ -114,8 +116,8 @@ public static String parseIrcMessage(final String text) builder.cancelAll(); break; default: - // value is a normal character, just append - builder.append(val); + // value is a normal character, escape html entities and append + builder.append(StringEscapeUtils.escapeHtml4("" + val)); break; } } 
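Review bot: The escaping added in the `default:` branch of `parseIrcMessage` means the method now returns entity-encoded HTML, but nothing visible in the patch updates its Javadoc to say so. A caller that escapes the result again would display a literal `&amp;`, so I would extend the `@return` text with something like `characters taken from the IRC text are HTML entity-escaped`. Separately, `"" + val` builds a throwaway string for every character; `String.valueOf(val)` states the intent more clearly. The method body starts and ends outside this hunk, so I could not check whether any other branch appends raw input to the builder.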
@@ -192,9 +194,8 @@ private static Color parseForegroundColor(final String text) * @param message original IRC message * @return returns HTML-formatted normal message */ - public static String formatMessage(final String message) + public static String styleAsMessage(final String message) { - // FIXME html entity encoding return message; } @@ -205,9 +206,8 @@ public static String formatMessage(final String message) * @param user user nick name * @return returns HTML-formatted notice */ - public static String formatNotice(final String message, final String user) + public static String styleAsNotice(final String message, final String user) { - // FIXME html entity encoding return "" + user + ": " + message; } @@ -218,9 +218,8 @@ public static String formatNotice(final String message, final String user) * @param user user nick name * @return returns HTML-formatted action */ - public static String formatAction(final String message, final String user) + public static String styleAsAction(final String message, final String user) { - // FIXME html entity encoding return "*" + user + " " + message; } } diff --git a/src/net/java/sip/communicator/impl/protocol/irc/irc.provider.manifest.mf b/src/net/java/sip/communicator/impl/protocol/irc/irc.provider.manifest.mf index 341d3ad0f..a28001a7c 100644 --- a/src/net/java/sip/communicator/impl/protocol/irc/irc.provider.manifest.mf +++ b/src/net/java/sip/communicator/impl/protocol/irc/irc.provider.manifest.mf @@ -21,4 +21,5 @@ Import-Package: org.osgi.framework, com.ircclouds.irc.api.domain.messages, com.ircclouds.irc.api.domain.messages.interfaces, com.ircclouds.irc.api.listeners, - com.ircclouds.irc.api.state + com.ircclouds.irc.api.state, + org.apache.commons.lang3 diff --git a/test/net/java/sip/communicator/impl/protocol/irc/UtilsTest.java b/test/net/java/sip/communicator/impl/protocol/irc/UtilsTest.java index b38454ef9..92b6ed8e2 100644 --- a/test/net/java/sip/communicator/impl/protocol/irc/UtilsTest.java 
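Review bot: `styleAsNotice` and `styleAsAction` still concatenate `user` into the returned string unescaped, yet this hunk deletes the `// FIXME html entity encoding` markers from both. Only the message body passes through `parseIrcMessage`. In the IrcStack callers shown in this patch the nick comes from `msg.getSource().getNick()`, and the result is delivered as an HTML message. IRC servers normally restrict nick characters, but that guarantee belongs to the remote side, so I would escape at this point: `return "*" + StringEscapeUtils.escapeHtml4(user) + " " + message;`, and the same for `user` in `styleAsNotice`. A test with a nick containing `<` or `&` would pin this down, and the Javadoc for `message` should state that it must already be the escaped output of `parseIrcMessage`.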
+++ b/test/net/java/sip/communicator/impl/protocol/irc/UtilsTest.java @@ -14,16 +14,6 @@ public class UtilsTest extends TestCase { - protected void setUp() throws Exception - { - super.setUp(); - } - - protected void tearDown() throws Exception - { - super.tearDown(); - } - public void testNullText() { Assert.assertEquals(null, Utils.parseIrcMessage(null)); @@ -183,26 +173,33 @@ public void testCancelColorFormat() final String htmlMessage = "With color and without color."; Assert.assertEquals(htmlMessage, Utils.parseIrcMessage(ircMessage)); } + + public void testMessageContainingHtmlEntities() + { + final String ircMessage = "\u0002This is very bad &&& text!!!