Updated Branches: refs/heads/master 30586e706 -> 79088c993
WICKET-4546 Unencoded ampersands in CSS-/Javascript-Reference Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/79088c99 Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/79088c99 Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/79088c99 Branch: refs/heads/master Commit: 79088c993f3ef968a78d5b0cd98748204977c0c6 Parents: 30586e7 Author: Martin Tzvetanov Grigorov <[email protected]> Authored: Fri May 11 15:33:58 2012 +0300 Committer: Martin Tzvetanov Grigorov <[email protected]> Committed: Fri May 11 15:33:58 2012 +0300 ---------------------------------------------------------------------- .../apache/wicket/core/util/string/CssUtils.java | 25 ++++++++ .../wicket/core/util/string/JavaScriptUtils.java | 6 +- .../apache/wicket/markup/head/CssHeaderItem.java | 17 ++---- .../wicket/core/util/string/CssUtilsTest.java | 43 ++++++++++++++ .../core/util/string/JavaScriptUtilsTest.java | 44 +++++++++++++++ 5 files changed, 120 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/79088c99/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java b/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java index 2fa1bb6..a4944a3 100644 --- a/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java +++ b/wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java @@ -17,6 +17,7 @@ package org.apache.wicket.core.util.string; import org.apache.wicket.request.Response; +import org.apache.wicket.util.string.Strings; /** * Utility methods for CSS. 
@@ -78,4 +79,28 @@ public final class CssUtils { response.write(INLINE_CLOSE_TAG); } + + /** + * Writes a reference to a css file in the response object + * + * @param response + * the response to write to + * @param url + * the url of the css reference + * @param media + * the CSS media + */ + public static void writeLinkUrl(final Response response, final CharSequence url, final CharSequence media) + { + response.write("<link rel=\"stylesheet\" type=\"text/css\" href=\""); + response.write(Strings.escapeMarkup(url)); + response.write("\""); + if (media != null) + { + response.write(" media=\""); + response.write(Strings.escapeMarkup(media)); + response.write("\""); + } + response.write(" />"); + } } http://git-wip-us.apache.org/repos/asf/wicket/blob/79088c99/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java b/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java index a6b3a56..ed0022e 100644 --- a/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java +++ b/wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java @@ -130,7 +130,7 @@ public class JavaScriptUtils response.write("<script type=\"text/javascript\" "); if (id != null) { - response.write("id=\"" + id + "\" "); + response.write("id=\"" + Strings.escapeMarkup(id) + "\" "); } if (defer) { 
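Review bot: The Javadoc on the new `writeLinkUrl` does not say that `url` and `media` are passed through `Strings.escapeMarkup` before being written, so a caller cannot tell whether to hand in a raw or an already entity-encoded value; an already encoded `&amp;` would come out double-encoded. I would change the `@param url` text to `the raw (not HTML-escaped) url of the css reference; it is escaped for the href attribute here` and the `@param media` text to `the CSS media, escaped here; null omits the attribute`. The method is public and has no guard of its own, whereas `CssHeaderItem` calls `Args.notEmpty(url, "url")` before delegating. Adding `Args.notNull(url, "url");` as the first statement (with the matching import) would make a null url fail with a clear message instead of depending on how `escapeMarkup` and `Response.write` treat null.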
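Review bot: Escaping `id`, `charset` and `url` inside `writeJavaScriptUrl` changes the output of an existing public method (this hunk and the `@@ -138,10 +138,10 @@` hunk that follows), so a caller that already entity-encoded its URL to get valid markup will now be double-encoded. Escaping where the attribute is written is the right place for it, but the contract should be stated: I would add a sentence to the method Javadoc such as `The id, charset and url are HTML-escaped here; pass them unescaped.` and check the in-tree callers for prior encoding. The method signature and its Javadoc are outside the hunk, so whether this is already documented cannot be seen from here.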
@@ -138,10 +138,10 @@ public class JavaScriptUtils } if (charset != null) { - response.write("charset=\"" + charset + "\" "); + response.write("charset=\"" + Strings.escapeMarkup(charset) + "\" "); } response.write("src=\""); - response.write(url); + response.write(Strings.escapeMarkup(url)); response.write("\"></script>"); response.write("\n"); } http://git-wip-us.apache.org/repos/asf/wicket/blob/79088c99/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java index cf82644..92978da 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java @@ -16,6 +16,7 @@ */ package org.apache.wicket.markup.head; +import org.apache.wicket.core.util.string.CssUtils; import org.apache.wicket.request.Response; import org.apache.wicket.request.mapper.parameter.PageParameters; import org.apache.wicket.request.resource.ResourceReference; @@ -190,8 +191,6 @@ public abstract class CssHeaderItem extends HeaderItem String condition) { Args.notEmpty(url, "url"); - - String urlWoSessionId = Strings.stripJSessionId(url); boolean hasCondition = Strings.isEmpty(condition) == false; if (hasCondition) 
@@ -200,16 +199,10 @@ public abstract class CssHeaderItem extends HeaderItem response.write(condition); response.write("]>"); } - response.write("<link rel=\"stylesheet\" type=\"text/css\" href=\""); - response.write(urlWoSessionId); - response.write("\""); - if (media != null) - { - response.write(" media=\""); - response.write(media); - response.write("\""); - } - response.write(" />"); + + String urlWoSessionId = Strings.stripJSessionId(url); + CssUtils.writeLinkUrl(response, urlWoSessionId, media); + if (hasCondition) { response.write("<![endif]-->"); http://git-wip-us.apache.org/repos/asf/wicket/blob/79088c99/wicket-core/src/test/java/org/apache/wicket/core/util/string/CssUtilsTest.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/test/java/org/apache/wicket/core/util/string/CssUtilsTest.java b/wicket-core/src/test/java/org/apache/wicket/core/util/string/CssUtilsTest.java new file mode 100644 index 0000000..3111f11 --- /dev/null +++ b/wicket-core/src/test/java/org/apache/wicket/core/util/string/CssUtilsTest.java 
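Review bot: `condition` is still written verbatim by the context lines `response.write(condition); response.write("]>");`, so after this commit it is the one caller-supplied value in this method that reaches the markup unchecked. `Strings.escapeMarkup` is not a drop-in fix here because `&` is a legitimate operator in conditional-comment expressions, so a validity check fits better than escaping. I would add, inside the `if (hasCondition)` block, `if (condition.contains("-->") || condition.contains("]>")) throw new IllegalArgumentException("Invalid conditional comment expression: " + condition);`. If `condition` is only ever a developer-supplied constant, a Javadoc sentence saying that it is written unescaped and must not come from request data would be the minimum. The method begins before this hunk and continues after it, so the opening of the conditional comment is not visible here.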
@@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.wicket.core.util.string; + +import org.apache.wicket.response.StringResponse; +import org.junit.Assert; +import org.junit.Test; + +/** + * @since 1.5.7 + */ +public class CssUtilsTest extends Assert +{ + /** + * https://issues.apache.org/jira/browse/WICKET-4546 + * + * @throws Exception + */ + @Test + public void writeLinkUrl() throws Exception + { + StringResponse response = new StringResponse(); + String url = "some/url;jsessionid=1234?with=parameters&p1=v1"; + String media = "some&bad&media"; + CssUtils.writeLinkUrl(response, url, media); + + assertEquals("<link rel=\"stylesheet\" type=\"text/css\" href=\"some/url;jsessionid=1234?with=parameters&p1=v1\" media=\"some&bad&media\" />", response.toString()); + } +} http://git-wip-us.apache.org/repos/asf/wicket/blob/79088c99/wicket-core/src/test/java/org/apache/wicket/core/util/string/JavaScriptUtilsTest.java ---------------------------------------------------------------------- 
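Review bot: As shown on this page, the expected string in `writeLinkUrl()` contains the same raw `&` as the input (`with=parameters&p1=v1`, `some&bad&media`), which could not pass once `Strings.escapeMarkup` is applied. This is probably the mail archive decoding `&amp;`, but it is worth confirming in the repository that the assertion expects the entity-encoded form. Beyond that, the test covers only `&`, while the characters that decide whether a value stays inside its attribute are the double quote and the angle brackets, and the `media == null` branch is not exercised. I would add a case such as `CssUtils.writeLinkUrl(response, "a\"b<c", null);` and assert that the quote and `<` come out entity-encoded and that no `media=` attribute is written. The same applies to `writeJavaScriptUrl()` in JavaScriptUtilsTest, where the `%` characters in `id` and `charset` are presumably left untouched by the escaping and so add no coverage.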
diff --git a/wicket-core/src/test/java/org/apache/wicket/core/util/string/JavaScriptUtilsTest.java b/wicket-core/src/test/java/org/apache/wicket/core/util/string/JavaScriptUtilsTest.java new file mode 100644 index 0000000..5fe9ae0 --- /dev/null +++ b/wicket-core/src/test/java/org/apache/wicket/core/util/string/JavaScriptUtilsTest.java 
@@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.wicket.core.util.string; + +import org.apache.wicket.response.StringResponse; +import org.junit.Assert; +import org.junit.Test; + +/** + * @since 1.5.7 + */ +public class JavaScriptUtilsTest extends Assert +{ + /** + * https://issues.apache.org/jira/browse/WICKET-4546 + * @throws Exception + */ + @Test + public void writeJavaScriptUrl() throws Exception + { + StringResponse response = new StringResponse(); + String url = "some/url;jsessionid=1234?p1=v1&p2=v2"; + String id = "some&bad%id"; + boolean defer = true; + String charset = "some&bad%%charset"; + JavaScriptUtils.writeJavaScriptUrl(response, url, id, defer, charset); + + assertEquals("<script type=\"text/javascript\" id=\"some&bad%id\" defer=\"defer\" charset=\"some&bad%%charset\" src=\"some/url;jsessionid=1234?p1=v1&p2=v2\"></script>\n", response.toString()); + } +}
