Xikui Wang has submitted this change and it was merged.

Change subject: [ASTERIXDB-2047][UI] Escape special entities in HTML result 
delivery
......................................................................


[ASTERIXDB-2047][UI] Escape special entities in HTML result delivery

- user model changes: no
- storage format changes: no
- interface changes: no

Details:
- Escape HTML special entities so that user data is not rendered as HTML
  markup in the result page.

Change-Id: I7aa05fe39b7a1f755574c4f49fd9694239078586
Reviewed-on: https://asterix-gerrit.ics.uci.edu/1949
Sonar-Qube: Jenkins <jenk...@fulliautomatix.ics.uci.edu>
Tested-by: Jenkins <jenk...@fulliautomatix.ics.uci.edu>
Contrib: Jenkins <jenk...@fulliautomatix.ics.uci.edu>
Reviewed-by: Till Westmann <ti...@apache.org>
Integration-Tests: Jenkins <jenk...@fulliautomatix.ics.uci.edu>
---
M 
asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/ResultUtil.java
M 
asterixdb/asterix-app/src/main/java/org/apache/asterix/app/result/ResultPrinter.java
2 files changed, 15 insertions(+), 16 deletions(-)

Approvals:
  Anon. E. Moose #1000171: 
  Till Westmann: Looks good to me, approved
  Jenkins: Verified; No violations found; ; Verified



diff --git 
a/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/ResultUtil.java
 
b/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/ResultUtil.java
index fa2f667..72d82e0 100644
--- 
a/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/ResultUtil.java
+++ 
b/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/ResultUtil.java
@@ -24,14 +24,11 @@
 import java.io.InputStreamReader;
 import java.io.PrintWriter;
 import java.io.StringWriter;
-import java.util.AbstractMap;
+import java.util.Arrays;
 import java.util.Collections;
-import java.util.Map;
-import java.util.Map.Entry;
+import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
 
 import org.apache.asterix.app.result.ResultHandle;
 import org.apache.asterix.app.result.ResultPrinter;
@@ -41,6 +38,7 @@
 import org.apache.asterix.om.types.ARecordType;
 import org.apache.asterix.translator.IStatementExecutor.Stats;
 import org.apache.asterix.translator.SessionOutput;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.http.ParseException;
 import org.apache.hyracks.algebricks.common.exceptions.AlgebricksException;
 import 
org.apache.hyracks.algebricks.core.algebra.prettyprint.AlgebricksAppendable;
@@ -55,10 +53,9 @@
 
 public class ResultUtil {
     private static final Logger LOGGER = 
Logger.getLogger(ResultUtil.class.getName());
-    public static final Map<Character, String> HTML_ENTITIES = 
Collections.unmodifiableMap(Stream.of(
-            new AbstractMap.SimpleImmutableEntry<>('"', "&quot;"), new 
AbstractMap.SimpleImmutableEntry<>('&', "&amp;"),
-            new AbstractMap.SimpleImmutableEntry<>('<', "&lt;"), new 
AbstractMap.SimpleImmutableEntry<>('>', "&gt;"))
-            .collect(Collectors.toMap(Map.Entry::getKey, 
Map.Entry::getValue)));
+    public static final List<Pair<Character, String>> HTML_ENTITIES = 
Collections.unmodifiableList(
+            Arrays.asList(Pair.of('&', "&amp;"), Pair.of('"', "&quot;"), 
Pair.of('<', "&lt;"), Pair.of('>', "&gt;"),
+                    Pair.of('\'', "&apos;")));
 
     private ResultUtil() {
     }
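Review bot: The list order in HTML_ENTITIES is now load-bearing — '&' must be replaced before any other entry, otherwise the '&' that `&quot;`/`&lt;`/`&gt;` introduce would be escaped a second time — but nothing records that, and this is exactly the unspecified-iteration-order problem the old Map had. A comment above the field would protect the next edit: `// Order matters: '&' must come first so the '&' in the other entities is not escaped again.` The new `&apos;` entry is defined for XML/XHTML and HTML5 but not for HTML 4.01, so older HTML parsers show it literally; the numeric form `Pair.of('\'', "&#39;")` is decoded by every HTML and XML parser. The same ordering dependency applies to the escapeHTML loop in the next hunk.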
@@ -71,7 +68,7 @@
      */
     public static String escapeHTML(String aString) {
         String escaped = aString;
-        for (Entry<Character, String> entry : HTML_ENTITIES.entrySet()) {
+        for (Pair<Character, String> entry : HTML_ENTITIES) {
             if (escaped.indexOf(entry.getKey()) >= 0) {
                 escaped = escaped.replace(entry.getKey().toString(), 
entry.getValue());
             }
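Review bot: The loop still escapes by running up to five full `replace` passes over the string, and the `indexOf` guard is redundant because `replace` already leaves the string untouched when the key is absent; the correctness of the result then depends entirely on '&' being the first element of HTML_ENTITIES. A single left-to-right pass that looks each character up once removes that dependency and walks the input only once. The method's `return` is outside the hunk; with the rewrite below it becomes `return escaped.toString();`.
```java
    public static String escapeHTML(String aString) {
        // Single pass: each input character is looked up once, so the order of
        // HTML_ENTITIES does not matter and no emitted entity is escaped twice.
        StringBuilder escaped = new StringBuilder(aString.length());
        for (int i = 0; i < aString.length(); i++) {
            char c = aString.charAt(i);
            String entity = null;
            for (Pair<Character, String> entry : HTML_ENTITIES) {
                if (entry.getKey() == c) {
                    entity = entry.getValue();
                    break;
                }
            }
            if (entity == null) {
                escaped.append(c);
            } else {
                escaped.append(entity);
            }
        }
        // … unchanged: return follows, now of escaped.toString() …
```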
@@ -209,8 +206,8 @@
             errorCode = 4;
         }
 
-        ObjectNode errorResp = ResultUtil.getErrorResponse(errorCode, 
extractErrorMessage(e), extractErrorSummary(e),
-                extractFullStackTrace(e));
+        ObjectNode errorResp = ResultUtil
+                .getErrorResponse(errorCode, extractErrorMessage(e), 
extractErrorSummary(e), extractFullStackTrace(e));
         out.write(errorResp.toString());
     }
 
@@ -304,10 +301,8 @@
      * Read the template file which is stored as a resource and return its 
content. If the file does not exist or is
      * not readable return the default template string.
      *
-     * @param path
-     *            The path to the resource template file
-     * @param defaultTemplate
-     *            The default template string if the template file does not 
exist or is not readable
+     * @param path            The path to the resource template file
+     * @param defaultTemplate The default template string if the template file 
does not exist or is not readable
      * @return The template string to be used to render the output.
      */
     //TODO(till|amoudi|mblow|yingyi|ceej|imaxon): path is ignored completely!!
diff --git 
a/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/result/ResultPrinter.java
 
b/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/result/ResultPrinter.java
index 56975d1..04ac0b3 100644
--- 
a/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/result/ResultPrinter.java
+++ 
b/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/result/ResultPrinter.java
@@ -24,6 +24,7 @@
 import java.io.StringWriter;
 import java.nio.ByteBuffer;
 
+import org.apache.asterix.api.http.server.ResultUtil;
 import org.apache.asterix.common.api.IApplicationContext;
 import org.apache.asterix.om.types.ARecordType;
 import org.apache.asterix.translator.IStatementExecutor.Stats;
@@ -180,6 +181,9 @@
             // TODO(tillw): this is inefficient as well
             record = JSONUtil.quoteAndEscape(record);
         }
+        if (conf.is(SessionConfig.FORMAT_HTML)) {
+            record = ResultUtil.escapeHTML(record);
+        }
         output.out().print(record);
         stats.setCount(stats.getCount() + 1);
         // TODO(tillw) fix this approximation
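Review bot: The new HTML escape is applied to `record` only on this print path, so any other code that emits user-controlled text under FORMAT_HTML (error messages, result metadata) would need the same treatment; whether such paths exist cannot be seen from this hunk. The layering is right — JSON quoting first, HTML escaping last, because the HTML page is the outer container — but it is easy to invert in a later refactor, so a comment on the new block would help: `// HTML-escape last: the record may already be JSON-quoted and is embedded verbatim in the HTML page.` The enclosing method starts and ends outside the hunk.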

-- 

Gerrit-MessageType: merged
Gerrit-Change-Id: I7aa05fe39b7a1f755574c4f49fd9694239078586
Gerrit-PatchSet: 8
Gerrit-Project: asterixdb
Gerrit-Branch: master
Gerrit-Owner: Xikui Wang <xkk...@gmail.com>
Gerrit-Reviewer: Anon. E. Moose #1000171
Gerrit-Reviewer: Jenkins <jenk...@fulliautomatix.ics.uci.edu>
Gerrit-Reviewer: Till Westmann <ti...@apache.org>
Gerrit-Reviewer: Xikui Wang <xkk...@gmail.com>
Gerrit-Reviewer: abdullah alamoudi <bamou...@gmail.com>
