Repository: asterixdb Updated Branches: refs/heads/master 27a75d708 -> 52528555e
[ASTERIXDB-2047][UI] Escape special entities in HTML result delivery - user model changes: no - storage format changes: no - interface changes: no Details: - Escape HTML special entities to make sure we don't have fancy HTML style display with user data. Change-Id: I7aa05fe39b7a1f755574c4f49fd9694239078586 Reviewed-on: https://asterix-gerrit.ics.uci.edu/1949 Sonar-Qube: Jenkins <[email protected]> Tested-by: Jenkins <[email protected]> Contrib: Jenkins <[email protected]> Reviewed-by: Till Westmann <[email protected]> Integration-Tests: Jenkins <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/asterixdb/repo Commit: http://git-wip-us.apache.org/repos/asf/asterixdb/commit/52528555 Tree: http://git-wip-us.apache.org/repos/asf/asterixdb/tree/52528555 Diff: http://git-wip-us.apache.org/repos/asf/asterixdb/diff/52528555 Branch: refs/heads/master Commit: 52528555e1f18a41a9ea55b8cf19d1f382be795d Parents: 27a75d7 Author: Xikui Wang <[email protected]> Authored: Wed Aug 23 10:32:24 2017 -0700 Committer: Xikui Wang <[email protected]> Committed: Wed Aug 23 17:09:36 2017 -0700
----------------------------------------------------------------------
 .../asterix/api/http/server/ResultUtil.java | 27 ++++++++------------
 .../asterix/app/result/ResultPrinter.java | 4 +++
 2 files changed, 15 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/asterixdb/blob/52528555/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/ResultUtil.java
----------------------------------------------------------------------
diff --git a/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/ResultUtil.java b/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/ResultUtil.java
index fa2f667..72d82e0 100644
--- a/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/ResultUtil.java
+++ b/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/ResultUtil.java
@@ -24,14 +24,11 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.PrintWriter;
 import java.io.StringWriter;
-import java.util.AbstractMap;
+import java.util.Arrays;
 import java.util.Collections;
-import java.util.Map;
-import java.util.Map.Entry;
+import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
 import org.apache.asterix.app.result.ResultHandle;
 import org.apache.asterix.app.result.ResultPrinter;
@@ -41,6 +38,7 @@ import org.apache.asterix.lang.aql.parser.TokenMgrError;
 import org.apache.asterix.om.types.ARecordType;
 import org.apache.asterix.translator.IStatementExecutor.Stats;
 import org.apache.asterix.translator.SessionOutput;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.http.ParseException;
 import org.apache.hyracks.algebricks.common.exceptions.AlgebricksException;
 import org.apache.hyracks.algebricks.core.algebra.prettyprint.AlgebricksAppendable;
@@ -55,10 +53,9 @@ import com.fasterxml.jackson.databind.node.ObjectNode;
 public class ResultUtil {
 private static final Logger LOGGER = Logger.getLogger(ResultUtil.class.getName());
- public static final Map<Character, String> HTML_ENTITIES = Collections.unmodifiableMap(Stream.of(
- new AbstractMap.SimpleImmutableEntry<>('"', """), new AbstractMap.SimpleImmutableEntry<>('&', "&"),
- new AbstractMap.SimpleImmutableEntry<>('<', "<"), new AbstractMap.SimpleImmutableEntry<>('>', ">"))
- .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)));
+ public static final List<Pair<Character, String>> HTML_ENTITIES = Collections.unmodifiableList(
+ Arrays.asList(Pair.of('&', "&"), Pair.of('"', """), Pair.of('<', "<"), Pair.of('>', ">"),
+ Pair.of('\'', "'")));
 private ResultUtil() {
 }
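Review bot: The correctness of escapeHTML now depends silently on the element order of HTML_ENTITIES — '&' has to be replaced before any other entry, because every later replacement introduces an '&' that the sequential replace loop would otherwise re-escape (turning `<` into `&amp;lt;`) — yet the declaration carries no hint of that, and the Map it replaces had no defined iteration order at all, which is presumably what this change is actually fixing. Add a comment above the field: `// Order matters: escapeHTML applies these replacements one after another, so '&' must come first or the '&' introduced by the later entities is escaped a second time.` As rendered on this page the replacement strings look identical to the characters they replace (e.g. `Pair.of('<', "<")`); that is most likely entity decoding by the page rather than the checked-in source, but if it were the real code the table would be a no-op and escapeHTML would escape nothing, so it is worth confirming against the file. The entry for `'\''` is new: if its replacement is `&apos;`, note that this is an XML entity that older HTML parsers do not recognise, and `&#39;` is the portable choice.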
@@ -71,7 +68,7 @@ public class ResultUtil {
 */
 public static String escapeHTML(String aString) {
 String escaped = aString;
- for (Entry<Character, String> entry : HTML_ENTITIES.entrySet()) {
+ for (Pair<Character, String> entry : HTML_ENTITIES) {
 if (escaped.indexOf(entry.getKey()) >= 0) {
 escaped = escaped.replace(entry.getKey().toString(), entry.getValue());
 }
@@ -209,8 +206,8 @@ public class ResultUtil {
 errorCode = 4;
 }
- ObjectNode errorResp = ResultUtil.getErrorResponse(errorCode, extractErrorMessage(e), extractErrorSummary(e),
- extractFullStackTrace(e));
+ ObjectNode errorResp = ResultUtil
+ .getErrorResponse(errorCode, extractErrorMessage(e), extractErrorSummary(e), extractFullStackTrace(e));
 out.write(errorResp.toString());
 }
@@ -304,10 +301,8 @@ public class ResultUtil {
 * Read the template file which is stored as a resource and return its content. If the file does not exist or is
 * not readable return the default template string.
 *
- * @param path
- * The path to the resource template file
- * @param defaultTemplate
- * The default template string if the template file does not exist or is not readable
+ * @param path The path to the resource template file
+ * @param defaultTemplate The default template string if the template file does not exist or is not readable
 * @return The template string to be used to render the output.
 */
 //TODO(till|amoudi|mblow|yingyi|ceej|imaxon): path is ignored completely!!
http://git-wip-us.apache.org/repos/asf/asterixdb/blob/52528555/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/result/ResultPrinter.java
----------------------------------------------------------------------
diff --git a/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/result/ResultPrinter.java b/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/result/ResultPrinter.java
index 56975d1..04ac0b3 100644
--- a/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/result/ResultPrinter.java
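Review bot: The rewritten loop in escapeHTML still does one full scan and up to one intermediate String per table entry, and it produces correct output only as long as '&' stays the first element of HTML_ENTITIES; a single pass that switches on each character is order-independent, allocates once, and makes the `indexOf` pre-check unnecessary (if nothing else reads the public HTML_ENTITIES list, it can be retired at the same time — I cannot see other callers from here). The method also dereferences `aString` without a null check, so a null input surfaces as a NullPointerException from inside the escaper rather than at the caller; `Objects.requireNonNull(aString, "aString")` (needs a `java.util.Objects` import) or an explicit null passthrough, whichever the callers expect, would make that deliberate. escapeHTML's Javadoc starts above the hunk and its `return` lies below it; the Javadoc should state which contexts the output is safe for — HTML text content and double-quoted attribute values — and that it is not sufficient inside `<script>`, event-handler attributes or URLs. Single-pass form:
```java
public static String escapeHTML(String aString) {
    Objects.requireNonNull(aString, "aString");
    StringBuilder sb = new StringBuilder(aString.length() + 16);
    for (int i = 0; i < aString.length(); i++) {
        char c = aString.charAt(i);
        switch (c) {
            case '&':
                sb.append("&amp;");
                break;
            case '"':
                sb.append("&quot;");
                break;
            case '<':
                sb.append("&lt;");
                break;
            case '>':
                sb.append("&gt;");
                break;
            case '\'':
                sb.append("&#39;");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}
```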
+++ b/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/result/ResultPrinter.java
@@ -24,6 +24,7 @@ import java.io.IOException;
 import java.io.StringWriter;
 import java.nio.ByteBuffer;
+import org.apache.asterix.api.http.server.ResultUtil;
 import org.apache.asterix.common.api.IApplicationContext;
 import org.apache.asterix.om.types.ARecordType;
 import org.apache.asterix.translator.IStatementExecutor.Stats;
@@ -180,6 +181,9 @@ public class ResultPrinter {
 // TODO(tillw): this is inefficient as well
 record = JSONUtil.quoteAndEscape(record);
 }
+ if (conf.is(SessionConfig.FORMAT_HTML)) {
+ record = ResultUtil.escapeHTML(record);
+ }
 output.out().print(record);
 stats.setCount(stats.getCount() + 1);
 // TODO(tillw) fix this approximation
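Review bot: Escaping is applied to exactly one sink here — the `record` passed to `output.out().print(record)` — and only when `conf.is(SessionConfig.FORMAT_HTML)`; the enclosing method starts and ends outside the hunk, so whether the other user-influenced strings that land on the same HTML page (error messages, the printed plan, stats) also go through escapeHTML cannot be seen from this hunk and should be checked, because a single unescaped sink is enough to keep the injection open. The commit message calls the symptom "fancy HTML style display", but what an unescaped `<` or `&` in a result record gives a query author is markup injection into the result page, i.e. cross-site scripting, so the new block deserves a comment that states the invariant it protects: `// HTML is the outermost output context: entity-escape last, after any JSON quoting above, so user data is never parsed as markup.` Keeping the order explicit — JSON quoting first, HTML escaping after — matters, since swapping the two in a later refactor would leave the quoting's own `"` and `\` unescaped for the outer context. Entity escaping is the right tool only if the template places `record` as element text or in a double-quoted attribute; if the HTML path ever embeds it inside a `<script>` block, this is not sufficient.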
