Updated Branches: refs/heads/wicket-1.5.x 1bf7ae9f9 -> 9da9a0dd2
WICKET-4546 Unencoded ampersands in CSS-/Javascript-Reference Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/9da9a0dd Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/9da9a0dd Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/9da9a0dd Branch: refs/heads/wicket-1.5.x Commit: 9da9a0dd2b9711d62a8f122b6c341bec7a920626 Parents: 1bf7ae9 Author: Martin Tzvetanov Grigorov <[email protected]> Authored: Fri May 11 15:49:33 2012 +0300 Committer: Martin Tzvetanov Grigorov <[email protected]> Committed: Fri May 11 15:49:33 2012 +0300 ---------------------------------------------------------------------- .../markup/html/internal/HeaderResponse.java | 4 +- .../apache/wicket/util/string/JavaScriptUtils.java | 6 +- .../wicket/util/string/JavaScriptUtilsTest.java | 44 +++++++++++++++ 3 files changed, 49 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/9da9a0dd/wicket-core/src/main/java/org/apache/wicket/markup/html/internal/HeaderResponse.java ----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/internal/HeaderResponse.java b/wicket-core/src/main/java/org/apache/wicket/markup/html/internal/HeaderResponse.java
index 7817d46..33e8e0d 100644
--- a/wicket-core/src/main/java/org/apache/wicket/markup/html/internal/HeaderResponse.java
+++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/internal/HeaderResponse.java
@@ -143,12 +143,12 @@ public abstract class HeaderResponse implements IHeaderResponse
 getResponse().write("]>");
 }
 getResponse().write("<link rel=\"stylesheet\" type=\"text/css\" href=\"");
- getResponse().write(urlWoSessionId);
+ getResponse().write(Strings.escapeMarkup(urlWoSessionId));
 getResponse().write("\"");
 if (media != null)
 {
 getResponse().write(" media=\"");
- getResponse().write(media);
+ getResponse().write(Strings.escapeMarkup(media));
 getResponse().write("\"");
 }
 getResponse().write(" />");
http://git-wip-us.apache.org/repos/asf/wicket/blob/9da9a0dd/wicket-core/src/main/java/org/apache/wicket/util/string/JavaScriptUtils.java ----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/util/string/JavaScriptUtils.java b/wicket-core/src/main/java/org/apache/wicket/util/string/JavaScriptUtils.java
index 2468375..973652b 100644
--- a/wicket-core/src/main/java/org/apache/wicket/util/string/JavaScriptUtils.java
+++ b/wicket-core/src/main/java/org/apache/wicket/util/string/JavaScriptUtils.java
@@ -129,7 +129,7 @@ public class JavaScriptUtils
 response.write("<script type=\"text/javascript\" ");
 if (id != null)
 {
- response.write("id=\"" + id + "\" ");
+ response.write("id=\"" + Strings.escapeMarkup(id) + "\" ");
 }
 if (defer)
 {
@@ -137,10 +137,10 @@ public class JavaScriptUtils
 }
 if (charset != null)
 {
- response.write("charset=\"" + charset + "\" ");
+ response.write("charset=\"" + Strings.escapeMarkup(charset) + "\" ");
 }
 response.write("src=\"");
- response.write(url);
+ response.write(Strings.escapeMarkup(url));
 response.write("\"></script>");
 response.write("\n");
 }
http://git-wip-us.apache.org/repos/asf/wicket/blob/9da9a0dd/wicket-core/src/test/java/org/apache/wicket/util/string/JavaScriptUtilsTest.java ----------------------------------------------------------------------
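Review bot: Callers that already pass an entity-encoded URL or media string will now have it encoded twice (`&amp;` becomes `&amp;amp;`), because `Strings.escapeMarkup` is applied unconditionally at the `href` and `media` writes here and at the `id`, `charset` and `src` writes in the two JavaScriptUtils hunks. Nothing visible in these hunks tells a caller which form is expected, so the Javadoc of the enclosing methods should state the contract, for example `@param url the raw, not yet markup-escaped URL; it is escaped when written into the attribute`. The bodies of both methods start outside the hunks, so whether their earlier writes (such as the conditional-comment condition that precedes `]>`) are encoded cannot be seen from here and is worth checking in the same pass.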
diff --git a/wicket-core/src/test/java/org/apache/wicket/util/string/JavaScriptUtilsTest.java b/wicket-core/src/test/java/org/apache/wicket/util/string/JavaScriptUtilsTest.java
new file mode 100644
index 0000000..074da7b
--- /dev/null
+++ b/wicket-core/src/test/java/org/apache/wicket/util/string/JavaScriptUtilsTest.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.util.string;
+
+import org.apache.wicket.response.StringResponse;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * @since
+ */
+public class JavaScriptUtilsTest extends Assert
+{
+ /**
+ * https://issues.apache.org/jira/browse/WICKET-4546
+ * @throws Exception
+ */
+ @Test
+ public void writeJavaScriptUrl() throws Exception
+ {
+ StringResponse response = new StringResponse();
+ String url = "some/url;jsessionid=1234?p1=v1&p2=v2";
+ String id = "some&bad%id";
+ boolean defer = true;
+ String charset = "some&bad%%charset";
+ JavaScriptUtils.writeJavaScriptUrl(response, url, id, defer, charset);
+
+ assertEquals("<script type=\"text/javascript\" id=\"some&bad%id\" defer=\"defer\" charset=\"some&bad%%charset\" src=\"some/url;jsessionid=1234?p1=v1&p2=v2\"></script>\n", response.toString());
+ }
+}
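Review bot: The test inputs contain only `&` and `%`, so the characters that can close an attribute or a tag (`"`, `<`, `>`) are never exercised in `writeJavaScriptUrl()`, although the new `Strings.escapeMarkup` calls are what now stands between those values and the markup. A second case such as `String id = "some\"bad<id";` with the expected `id=\"some&quot;bad&lt;id\"` would pin that behaviour, assuming `escapeMarkup` emits `&quot;` and `&lt;`. As rendered on this page the expected string in `assertEquals` shows raw `&` in `id`, `charset` and `src`, identical to the inputs, which would assert that nothing is escaped; presumably the archive decoded `&amp;`, but this should be confirmed against the repository. The stylesheet path changed in HeaderResponse has no test in this commit, and the class Javadoc carries an empty `@since` tag.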
