Author: dolander Date: Mon Jan 17 11:04:32 2005 New Revision: 125433 URL: http://svn.apache.org/viewcvs?view=rev&rev=125433 Log: Add a encodeHtml property to the Tree tag. This will cause the label and content to be escaped for HTML.
Added: incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageOne.html incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageThree.html incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageTwo.html incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/encodeContent.jsp incubator/beehive/trunk/netui/test/webapps/drt/testRecorder/tests/RichTreeEncodeContent.xml Modified: incubator/beehive/trunk/netui/src/tags-html/org/apache/beehive/netui/tags/tree/Tree.java incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/Controller.jpf incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/index.jsp incubator/beehive/trunk/netui/test/webapps/drt/testRecorder/config/testRecorder-tests.xml Modified: incubator/beehive/trunk/netui/src/tags-html/org/apache/beehive/netui/tags/tree/Tree.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/src/tags-html/org/apache/beehive/netui/tags/tree/Tree.java?view=diff&rev=125433&p1=incubator/beehive/trunk/netui/src/tags-html/org/apache/beehive/netui/tags/tree/Tree.java&r1=125432&p2=incubator/beehive/trunk/netui/src/tags-html/org/apache/beehive/netui/tags/tree/Tree.java&r2=125433 ============================================================================== --- incubator/beehive/trunk/netui/src/tags-html/org/apache/beehive/netui/tags/tree/Tree.java (original) +++ incubator/beehive/trunk/netui/src/tags-html/org/apache/beehive/netui/tags/tree/Tree.java Mon Jan 17 11:04:32 2005 @@ -114,7 +114,7 @@ private String _tagId; // tag that should uniquely indentify a tree. Required for multiple tree using auto expand private String[] _expanded = null; private boolean _runAtClient = false; // run at client - private boolean _escapeLabels = false; // esapce the content of labels + private boolean _escapeContent = false; // esapce the content of labels private boolean _outputJavaScript = false; // cause the base javascript support to be output private InheritableState _iState = new InheritableState(); @@ -385,13 +385,13 @@ /** * This attribue will cause the content of labels to be escaped when the value if <i>true</i>. * The default value is <i>false</i>. - * @param escapeLabels + * @param htmlEscape * @netui:attribute required="false" * description="When true the content of labels will be escaped for HTML." */ - public void setEscapeLabels(boolean escapeLabels) + public void setEscapeForHtml(boolean htmlEscape) { - _escapeLabels = escapeLabels; + _escapeContent = htmlEscape; } /** @@ -1012,6 +1012,12 @@ // Render the label for this node (if any) String label = node.getLabel(); if (label != null) { + if (_escapeContent) { + StringBuilder s = new StringBuilder(label.length() + 16); + StringBuilderRenderAppender sbAppend = new StringBuilderRenderAppender(sb); + HtmlUtils.filter(label, sbAppend); + label = s.toString(); + } sb.append(label); sb.append(" "); } @@ -1020,6 +1026,12 @@ // if there is content then we should render that here... String ctnt = node.getContent(); if (ctnt != null) { + if (_escapeContent) { + StringBuilder s = new StringBuilder(ctnt.length() + 16); + StringBuilderRenderAppender sbAppend = new StringBuilderRenderAppender(sb); + HtmlUtils.filter(ctnt, sbAppend); + ctnt = s.toString(); + } sb.append("\n "); sb.append(ctnt); } Modified: incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/Controller.jpf Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/Controller.jpf?view=diff&rev=125433&p1=incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/Controller.jpf&r1=125432&p2=incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/Controller.jpf&r2=125433 ============================================================================== --- incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/Controller.jpf (original) +++ incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/Controller.jpf Mon Jan 17 11:04:32 2005 @@ -769,6 +769,7 @@ private TreeElement _tree17; private TreeElement _tree18; private TreeElement _tree19; + private TreeElement _tree20; private String _expand = " "; @@ -924,6 +925,14 @@ public void setTree19(TreeElement tn) { _tree19 = tn; } + + public TreeElement getTree20() { + return _tree20; + } + + public void setTree20(TreeElement tn) { + _tree20 = tn; + } //************************************************************************ @@ -1154,6 +1163,7 @@ _tree17 = null; _tree18 = null; _tree19 = null; + _tree20 = null; buildTrees(); return forward; @@ -1341,6 +1351,15 @@ @Jpf.Forward(name = "success", path = "href.jsp") }) protected Forward goHref() { + Forward success = new Forward("success"); + clearExpand(); + return success; + } + + @Jpf.Action(forwards = { + @Jpf.Forward(name = "success", path = "encodeContent.jsp") +}) + protected Forward goEncodeContent() { Forward success = new Forward("success"); clearExpand(); return success; Added: incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageOne.html Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageOne.html?view=auto&rev=125433 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageOne.html Mon Jan 17 11:04:32 2005 @@ -0,0 +1,7 @@ +<html> + <head> + </head> + <body> + <h4>Page One</h4> + </body> +</html> \ No newline at end of file Added: incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageThree.html Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageThree.html?view=auto&rev=125433 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageThree.html Mon Jan 17 11:04:32 2005 @@ -0,0 +1,7 @@ +<html> + <head> + </head> + <body> + <h4>Page Three</h4> + </body> +</html> \ No newline at end of file Added: incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageTwo.html Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageTwo.html?view=auto&rev=125433 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/PageTwo.html Mon Jan 17 11:04:32 2005 @@ -0,0 +1,7 @@ +<html> + <head> + </head> + <body> + <h4>Page Two</h4> + </body> +</html> \ No newline at end of file Added: incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/encodeContent.jsp Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/encodeContent.jsp?view=auto&rev=125433 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/encodeContent.jsp Mon Jan 17 11:04:32 2005 @@ -0,0 +1,66 @@ +<%@ page language="java" contentType="text/html;charset=UTF-8"%> +<%@ taglib uri="beehive-netui-tags-html.tld" prefix="netui"%> +<netui:html> + <head> + <title>encodeContent.jsp</title> + <link href="style.css" rel="stylesheet" type="text/css"> + <netui:scriptHeader treeSupport='true'/> + <style type="text/css"> + .alien { + position: absolute; + left: 170pt; + } + .leaf { + font-family: "new century schoolbook", serif ; + font-size: 10pt; + color: #c90000; + } + .container { + font-family: "new century schoolbook", serif ; + font-size: 12pt; + color: #990000; + } + </style> + <netui:base/> + </head> + <netui:body> + <h4 class="title"><netui:anchor action="begin" styleClass="homeAnchor">Home</netui:anchor>encodeContent.jsp [goEncodeContent.do] </h4> + <!-- Attribute Information --> + <div style='float:left;width:300px'> + <table cellpadding="2" cellspacing="0" border="1" width="300px"> + <tr><th>Creation</th><td>Static</td></tr> + <tr><th>tree</th><td>{pageFlow.tree20}</td></tr> + <tr><th>action</th><td>postback</td></tr> + <tr><th>runAtClient</th><td>false</td></tr> + </table> + </div> + <!-- Postback information --> + <div style='float:right;width:250px;border:solid 1pt gray;margin:2 4;'> + <p style="font-weight:bold;text-align:center;margin: 0;padding:0;">Tree Postback Information</p> + <table cellpadding='0' cellspacing='2' width="100%"> + <tr><th style="text-align:right" width="100pt">Expand:</th><td><netui:content value="${pageFlow.expand}"/></td></tr> + <tr><th style="text-align:right" width="100pt">Selection:</th><td><netui:content value="${pageFlow.node}"/></td></tr> + </table> + </div> + Verify that both the content and label may be encoded for HTML during tree + processing. In the tree node below both the label and content contains JavaScript + which will causes an alert in the browser if not encoded. + <hr style="clear:left"> + <div class="content"> + <netui:tree dataSource="pageFlow.tree20" selectionAction="postback" tagId="tree" escapeForHtml="true"> + <netui:treeItem expanded="true"> + <netui:treeLabel>JavaScript: + <script language="JavaScript" type="text/JavaScript"> + alert("Label Script"); + </script> + </netui:treeLabel> + <netui:treeContent>Content with JavaScript: + <script language="JavaScript" type="text/JavaScript"> + alert("Content Script"); + </script> + </netui:treeContent> + </netui:treeItem> + </netui:tree> + </div> + </netui:body> +</netui:html> Modified: incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/index.jsp Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/index.jsp?view=diff&rev=125433&p1=incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/index.jsp&r1=125432&p2=incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/index.jsp&r2=125433 ============================================================================== --- incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/index.jsp (original) +++ incubator/beehive/trunk/netui/test/webapps/drt/coreWeb/richTree/index.jsp Mon Jan 17 11:04:32 2005 @@ -23,6 +23,7 @@ <li><netui:anchor action="goOverride">Override tree attributes</netui:anchor> -- [tree17] Override tree attributes</li> <li><netui:anchor action="goOverrideTwo">Override tree attributes two</netui:anchor> -- [tree18] Override the whole tree actions from the root</li> <li><netui:anchor action="goHref">Verify Href</netui:anchor> -- [tree19] Verify that HRefs and target work</li> + <li><netui:anchor action="goEncodeContent">Encode Content</netui:anchor> -- [tree20] Verify that HRefs and target work</li> </ul> <h4>Client Side Support</h4> <ul> Modified: incubator/beehive/trunk/netui/test/webapps/drt/testRecorder/config/testRecorder-tests.xml Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/test/webapps/drt/testRecorder/config/testRecorder-tests.xml?view=diff&rev=125433&p1=incubator/beehive/trunk/netui/test/webapps/drt/testRecorder/config/testRecorder-tests.xml&r1=125432&p2=incubator/beehive/trunk/netui/test/webapps/drt/testRecorder/config/testRecorder-tests.xml&r2=125433 ============================================================================== --- incubator/beehive/trunk/netui/test/webapps/drt/testRecorder/config/testRecorder-tests.xml (original) +++ incubator/beehive/trunk/netui/test/webapps/drt/testRecorder/config/testRecorder-tests.xml Mon Jan 17 11:04:32 2005 @@ -5073,6 +5073,20 @@ </features> </test> <test> + <name>RichTreeEncodeContent</name> + <description>Verification test of escaping for HTML content and label</description> + <webapp>coreWeb</webapp> + <categories> + <category>bvt</category> + <category>bvt.struts11</category> + <category>trees</category> + </categories> + <features> + <feature>Tree</feature> + <feature>escapeForHtml</feature> + </features> + </test> + <test> <name>RichTreeHref</name> <description>Test of the Href and Target attributes</description> <webapp>coreWeb</webapp> Added: incubator/beehive/trunk/netui/test/webapps/drt/testRecorder/tests/RichTreeEncodeContent.xml Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/netui/test/webapps/drt/testRecorder/tests/RichTreeEncodeContent.xml?view=auto&rev=125433 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/netui/test/webapps/drt/testRecorder/tests/RichTreeEncodeContent.xml Mon Jan 17 11:04:32 2005 @@ -0,0 +1,140 @@ +<?xml version="1.0" encoding="UTF-8"?> +<ses:recorderSession xmlns:ses="http://beehive.apache.org/netui/tools/testrecorder/2004/session";> + <ses:sessionName>RichTreeEncodeContent</ses:sessionName> + <ses:tester>Daryl</ses:tester> + <ses:startDate>17 Jan 2005, 10:40:59.633 AM MST</ses:startDate> + <ses:description>Verify that we can escape for HTML labels and content</ses:description> + <ses:tests> + <ses:test> + <ses:testNumber>1</ses:testNumber> + <ses:request> + <ses:protocol>HTTP</ses:protocol> + <ses:protocolVersion>1.1</ses:protocolVersion> + <ses:host>localhost</ses:host> + <ses:port>8080</ses:port> + <ses:uri>/coreWeb/richTree/encodeContent.jsp</ses:uri> + <ses:method>GET</ses:method> + <ses:parameters/> + <ses:cookies> + <ses:cookie> + <ses:name>JSESSIONID</ses:name> + <ses:value>5421E1B7CC9FAEFF2B0A9A8F469AB805</ses:value> + </ses:cookie> + </ses:cookies> + <ses:headers> + <ses:header> + <ses:name>accept</ses:name> + <ses:value>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5</ses:value> + </ses:header> + <ses:header> + <ses:name>accept-charset</ses:name> + <ses:value>ISO-8859-1,utf-8;q=0.7,*;q=0.7</ses:value> + </ses:header> + <ses:header> + <ses:name>accept-encoding</ses:name> + <ses:value>gzip,deflate</ses:value> + </ses:header> + <ses:header> + <ses:name>accept-language</ses:name> + <ses:value>en-us,en;q=0.5</ses:value> + </ses:header> + <ses:header> + <ses:name>connection</ses:name> + <ses:value>keep-alive</ses:value> + </ses:header> + <ses:header> + <ses:name>cookie</ses:name> + <ses:value>JSESSIONID=5421E1B7CC9FAEFF2B0A9A8F469AB805</ses:value> + </ses:header> + <ses:header> + <ses:name>host</ses:name> + <ses:value>localhost:8080</ses:value> + </ses:header> + <ses:header> + <ses:name>keep-alive</ses:name> + <ses:value>300</ses:value> + </ses:header> + <ses:header> + <ses:name>user-agent</ses:name> + <ses:value>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0</ses:value> + </ses:header> + </ses:headers> + </ses:request> + <ses:response> + <ses:statusCode>200</ses:statusCode> + <ses:reason/> + <ses:responseBody><![CDATA[<!DOCTYPE HTML PUBLIC "//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd";> +<html lang="en"> + + <head> + <title>encodeContent.jsp</title> + <link href="style.css" rel="stylesheet" type="text/css"> + + <script src="/coreWeb/resources/beehive/version1/javascript/netui-tree.js"></script> + <style type="text/css"> + .alien { + position: absolute; + left: 170pt; + } + .leaf { + font-family: "new century schoolbook", serif ; + font-size: 10pt; + color: #c90000; + } + .container { + font-family: "new century schoolbook", serif ; + font-size: 12pt; + color: #990000; + } + </style> + <base href="http://localhost:8080/coreWeb/richTree/encodeContent.jsp";> + </head> + <body> + <h4 class="title"><a href="/coreWeb/richTree/begin.do" class="homeAnchor">Home</a>encodeContent.jsp [goEncodeContent.do] </h4> + <!-- Attribute Information --> + <div style='float:left;width:300px'> + <table cellpadding="2" cellspacing="0" border="1" width="300px"> + <tr><th>Creation</th><td>Static</td></tr> + <tr><th>tree</th><td>{pageFlow.tree20}</td></tr> + <tr><th>action</th><td>postback</td></tr> + <tr><th>runAtClient</th><td>false</td></tr> + </table> + </div> + <!-- Postback information --> + <div style='float:right;width:250px;border:solid 1pt gray;margin:2 4;'> + <p style="font-weight:bold;text-align:center;margin: 0;padding:0;">Tree Postback Information</p> + <table cellpadding='0' cellspacing='2' width="100%"> + <tr><th style="text-align:right" width="100pt">Expand:</th><td> </td></tr> + <tr><th style="text-align:right" width="100pt">Selection:</th><td> </td></tr> + </table> + </div> + Verify that both the content and label may be encoded for HTML during tree + processing. In the tree node below both the label and content contains JavaScript + which will causes an alert in the browser if not encoded. + <hr style="clear:left"> + <div class="content"> + <div> + <div> + <img src="/coreWeb/resources/images/linelastnode.gif" style="vertical-align:middle;" border="0" alt=""> + <a href="/coreWeb/richTree/postback.do?netui_treeselected=0&netui_treeid=tree"> <img src="/coreWeb/resources/images/folder_16_pad.gif" style="vertical-align:middle" border="0" alt="Tree Node"> JavaScript: + <script language="JavaScript" type="text/JavaScript"> + alert("Label Script"); + </script> </a>Content with JavaScript: + <script language="JavaScript" type="text/JavaScript"> + alert("Content Script"); + </script> + + </div> +</div> + + </div> + </body> + +</html>]]></ses:responseBody> + </ses:response> + </ses:test> + </ses:tests> + <ses:endDate>17 Jan 2005, 10:41:08.896 AM MST</ses:endDate> + <ses:testCount>1</ses:testCount> +</ses:recorderSession> \ No newline at end of file
