This is an automated email from the ASF dual-hosted git repository.

cziegeler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/felix-dev.git


The following commit(s) were added to refs/heads/master by this push:
     new 3290b36803 FELIX-6628 : Migrate http webconsoleplugin to Jakarta 
Servlet API
3290b36803 is described below

commit 3290b36803e1cc5ec9fa2db0f439c12cfde3584a
Author: Carsten Ziegeler <[email protected]>
AuthorDate: Fri Aug 18 06:54:55 2023 +0200

    FELIX-6628 : Migrate http webconsoleplugin to Jakarta Servlet API
---
 http/webconsoleplugin/pom.xml                      | 22 ++++++---
 .../http/webconsoleplugin/impl/Activator.java      |  2 +-
 .../webconsoleplugin/impl/HttpServicePlugin.java   | 57 ++++++----------------
 3 files changed, 33 insertions(+), 48 deletions(-)

diff --git a/http/webconsoleplugin/pom.xml b/http/webconsoleplugin/pom.xml
index c40073a685..f683b8acac 100644
--- a/http/webconsoleplugin/pom.xml
+++ b/http/webconsoleplugin/pom.xml
@@ -36,14 +36,18 @@
         
<developerConnection>scm:git:https://github.com/apache/felix-dev.git</developerConnection>
         <url>https://gitbox.apache.org/repos/asf?p=felix-dev.git</url>
       <tag>HEAD</tag>
-  </scm>
+   </scm>
+
+    <properties>
+        <servlet.api>5.0.0</servlet.api>
+    </properties>
 
     <build>
         <plugins>
             <plugin>
                 <groupId>org.apache.felix</groupId>
                 <artifactId>maven-bundle-plugin</artifactId>
-                <version>5.1.4</version>
+                <version>5.1.9</version>
                 <extensions>true</extensions>
             </plugin>
         </plugins>
@@ -63,13 +67,19 @@
         <dependency>
             <groupId>org.osgi</groupId>
             <artifactId>org.osgi.service.servlet</artifactId>
-           <version>2.0.0</version>
+            <version>2.0.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>jakarta.servlet</groupId>
+            <artifactId>jakarta.servlet-api</artifactId>
+            <version>${servlet.api}</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>javax.servlet-api</artifactId>
-            <version>3.0.1</version>
+            <groupId>org.owasp.encoder</groupId>
+            <artifactId>encoder</artifactId>
+            <version>1.2.3</version>
             <scope>provided</scope>
         </dependency>
     </dependencies>
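Review bot: The new `org.owasp.encoder:encoder` dependency is declared with `<scope>provided</scope>` and a literal version, so nothing in this hunk shows how the `org.owasp.encoder` package reaches the bundle at runtime. Unless the bundle plugin configuration outside this hunk embeds it, the bundle presumably imports the package and only resolves when another bundle exports it. A comment above the dependency such as `<!-- provided at runtime by <exporting bundle>; not embedded -->` would make that deployment requirement explicit. For consistency with `${servlet.api}`, the version `1.2.3` could also move into the `<properties>` block so upgrades of the encoder are made in one place.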
diff --git 
a/http/webconsoleplugin/src/main/java/org/apache/felix/http/webconsoleplugin/impl/Activator.java
 
b/http/webconsoleplugin/src/main/java/org/apache/felix/http/webconsoleplugin/impl/Activator.java
index 87eb3ad43d..605dcf5e04 100644
--- 
a/http/webconsoleplugin/src/main/java/org/apache/felix/http/webconsoleplugin/impl/Activator.java
+++ 
b/http/webconsoleplugin/src/main/java/org/apache/felix/http/webconsoleplugin/impl/Activator.java
@@ -21,7 +21,7 @@ package org.apache.felix.http.webconsoleplugin.impl;
 import java.util.Dictionary;
 import java.util.Hashtable;
 
-import javax.servlet.Servlet;
+import jakarta.servlet.Servlet;
 
 import org.osgi.annotation.bundle.Header;
 import org.osgi.framework.BundleActivator;
diff --git 
a/http/webconsoleplugin/src/main/java/org/apache/felix/http/webconsoleplugin/impl/HttpServicePlugin.java
 
b/http/webconsoleplugin/src/main/java/org/apache/felix/http/webconsoleplugin/impl/HttpServicePlugin.java
index accdf78ba1..10ba2fc0e8 100644
--- 
a/http/webconsoleplugin/src/main/java/org/apache/felix/http/webconsoleplugin/impl/HttpServicePlugin.java
+++ 
b/http/webconsoleplugin/src/main/java/org/apache/felix/http/webconsoleplugin/impl/HttpServicePlugin.java
@@ -28,10 +28,10 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.Constants;
@@ -54,6 +54,7 @@ import org.osgi.service.servlet.runtime.dto.ResourceDTO;
 import org.osgi.service.servlet.runtime.dto.RuntimeDTO;
 import org.osgi.service.servlet.runtime.dto.ServletContextDTO;
 import org.osgi.service.servlet.runtime.dto.ServletDTO;
+import org.owasp.encoder.Encode;
 
 /**
  * This is a web console plugin.
@@ -72,32 +73,6 @@ public class HttpServicePlugin extends HttpServlet {
         this.runtime = runtime;
     }
 
-    /** Escape xml text */
-    private static String escapeXml(final String input) {
-        if (input == null) {
-            return null;
-        }
-
-        final StringBuilder b = new StringBuilder(input.length());
-        for(int i = 0;i  < input.length(); i++) {
-            final char c = input.charAt(i);
-            if(c == '&') {
-                b.append("&amp;");
-            } else if(c == '<') {
-                b.append("&lt;");
-            } else if(c == '>') {
-                b.append("&gt;");
-            } else if(c == '"') {
-                b.append("&quot;");
-            } else if(c == '\'') {
-                b.append("&apos;");
-            } else {
-                b.append(c);
-            }
-        }
-        return b.toString();
-    }
-
     @Override
     protected void doPost(HttpServletRequest request,
             HttpServletResponse response) throws ServletException, IOException 
{
@@ -219,7 +194,7 @@ public class HttpServicePlugin extends HttpServlet {
         pw.print("'>");
         pw.print("<input type='text' name='" + ATTR_TEST + "' value='");
         if (value != null) {
-            pw.print(escapeXml(value));
+            pw.print(Encode.forHtmlAttribute(value));
         }
         pw.println("' class='input' size='50'>");
         pw.println("&nbsp;&nbsp;<input type='submit' name='" + ATTR_SUBMIT
@@ -232,7 +207,7 @@ public class HttpServicePlugin extends HttpServlet {
             pw.println("<tr class='content'>");
             pw.println("<td class='content'>&nbsp;</td>");
             pw.print("<td class='content' colspan='2'>");
-            pw.print(escapeXml(msg));
+            pw.print(Encode.forHtmlContent(msg));
             pw.println("</td>");
             pw.println("</tr>");
         }
@@ -307,7 +282,7 @@ public class HttpServicePlugin extends HttpServlet {
         for(final String val : columns) {
             pw.print("<td>");
             if ( val != null ) {
-                String text = escapeXml(val).replace("\n", "<br/>");
+                String text = Encode.forHtmlContent(val).replace("\n", 
"<br/>");
                 int pos;
                 while ( (pos = text.indexOf("${#link:")) != -1) {
                     final int endPos = text.indexOf("}", pos);
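Review bot: `Encode.forHtmlContent(val)` leaves `'` and `"` unencoded, which the removed `escapeXml` did encode, and the resulting `text` is then scanned for `${#link:` markers in a loop that continues past this hunk. If that link expansion writes any part of `text` into an attribute such as an `href`, the quote characters would reach the attribute unencoded. That code is not visible here, so it needs checking. Using the encoder that covers both text and quoted-attribute contexts on this line would keep the previous guarantee: `String text = Encode.forHtml(val).replace("\n", "<br/>");`.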
@@ -348,7 +323,7 @@ public class HttpServicePlugin extends HttpServlet {
 
     private void printContextDetails(final PrintWriter pw, final 
ServletContextDTO dto) {
         pw.print("<p class=\"statline ui-state-highlight\">${Servlet Context} 
'");
-        pw.print(escapeXml(dto.name));
+        pw.print(Encode.forHtmlContent(dto.name));
         pw.println("'</p>");
 
         pw.println("<table class=\"nicetable\">");
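Review bot: The statline header `pw.print(Encode.forHtmlContent(dto.name));` is repeated here and in the six later hunks (failed context, filter, servlet, resource, error page and listener details), each between the same `${Servlet Context} '` prefix and a differing suffix. A small private helper that takes the `PrintWriter`, the context name and the suffix would keep the choice of encoder for `dto.name` in one place, so a later change of output context cannot miss one of the seven copies. The enclosing methods start and end outside these hunks, so the helper's exact shape depends on code not shown.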
@@ -374,7 +349,7 @@ public class HttpServicePlugin extends HttpServlet {
 
     private void printFailedContextDetails(final PrintWriter pw, final 
FailedServletContextDTO dto) {
         pw.print("<p class=\"statline ui-state-highlight\">${Servlet Context} 
'");
-        pw.print(escapeXml(dto.name));
+        pw.print(Encode.forHtmlContent(dto.name));
         pw.println("'</p>");
 
         pw.println("<table class=\"nicetable\">");
@@ -386,7 +361,7 @@ public class HttpServicePlugin extends HttpServlet {
         pw.println("</tr></thead>");
         odd = printRow(pw, odd, "${Path}",
                 dto.contextPath == null ? dto.contextPath : 
getContextPath(dto.contextPath));
-        odd = printRow(pw, odd, "${reason}", 
escapeXml(getErrorText(dto.failureReason)));
+        odd = printRow(pw, odd, "${reason}", getErrorText(dto.failureReason));
         odd = printRow(pw, odd, "${service.id}", 
String.valueOf(dto.serviceId));
         pw.println("</table>");
     }
@@ -407,7 +382,7 @@ public class HttpServicePlugin extends HttpServlet {
             return;
         }
         pw.print("<p class=\"statline ui-state-highlight\">${Servlet Context} 
'");
-        pw.print(escapeXml(dto.name));
+        pw.print(Encode.forHtmlContent(dto.name));
         pw.println("' ${Registered Filter Services}</p>");
 
         pw.println("<table class=\"nicetable\">");
@@ -528,7 +503,7 @@ public class HttpServicePlugin extends HttpServlet {
             return;
         }
         pw.print("<p class=\"statline ui-state-highlight\">${Servlet Context} 
'");
-        pw.print(escapeXml(dto.name));
+        pw.print(Encode.forHtmlContent(dto.name));
         pw.println("' ${Registered Servlet Services}</p>");
 
         pw.println("<table class=\"nicetable\">");
@@ -607,7 +582,7 @@ public class HttpServicePlugin extends HttpServlet {
             return;
         }
         pw.print("<p class=\"statline ui-state-highlight\">${Servlet Context} 
'");
-        pw.print(escapeXml(dto.name));
+        pw.print(Encode.forHtmlContent(dto.name));
         pw.println("' ${Registered Resource Services}</p>");
 
         pw.println("<table class=\"nicetable\">");
@@ -684,7 +659,7 @@ public class HttpServicePlugin extends HttpServlet {
             return;
         }
         pw.print("<p class=\"statline ui-state-highlight\">${Servlet Context} 
'");
-        pw.print(escapeXml(dto.name));
+        pw.print(Encode.forHtmlContent(dto.name));
         pw.println("' ${Registered Error Pages}</p>");
 
         pw.println("<table class=\"nicetable\">");
@@ -769,7 +744,7 @@ public class HttpServicePlugin extends HttpServlet {
             return;
         }
         pw.print("<p class=\"statline ui-state-highlight\">${Servlet Context} 
'");
-        pw.print(escapeXml(dto.name));
+        pw.print(Encode.forHtmlContent(dto.name));
         pw.println("' ${Registered Listeners}</p>");
 
         pw.println("<table class=\"nicetable\">");
