Author: snoopdave
Date: Wed Feb 22 11:37:13 2006
New Revision: 379853

URL: http://svn.apache.org/viewcvs?rev=379853&view=rev
Log:
Applying safe HTML subset filter to HTML in comment notification emails

Modified:
    
incubator/roller/trunk/src/org/roller/presentation/servlets/CommentServlet.java

Modified: 
incubator/roller/trunk/src/org/roller/presentation/servlets/CommentServlet.java
URL: 
http://svn.apache.org/viewcvs/incubator/roller/trunk/src/org/roller/presentation/servlets/CommentServlet.java?rev=379853&r1=379852&r2=379853&view=diff
==============================================================================
--- incubator/roller/trunk/src/org/roller/presentation/servlets/CommentServlet.java (original)
+++ incubator/roller/trunk/src/org/roller/presentation/servlets/CommentServlet.java Wed Feb 22 11:37:13 2006
@@ -1,7 +1,6 @@
 package org.roller.presentation.servlets;
 
 import java.io.IOException;
-import java.net.MalformedURLException;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
@@ -41,6 +40,7 @@
 import org.roller.presentation.*;
 import org.roller.presentation.cache.CacheManager;
 import org.roller.presentation.velocity.DefaultCommentAuthenticator;
+import org.roller.util.Utilities;
 
 /**
  * The CommentServlet handles all incoming weblog entry comment posts.
@@ -361,7 +361,10 @@
             }
             
             msg.append((escapeHtml) ? "\n\n" : "<br /><br />");
-            msg.append(cd.getContent());
+                        
+            msg.append((escapeHtml) ? Utilities.escapeHTML(cd.getContent()) 
+                : Utilities.transformToHTMLSubset(Utilities.escapeHTML(cd.getContent())));
+            
             msg.append((escapeHtml) ? "\n\n----\n"
                     : "<br /><br /><hr /><span style=\"font-size: 11px\">");
             msg.append(resources.getString("email.comment.respond") + ": ");
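Review bot: The escape-then-reenable-subset chain on the new msg.append line only covers cd.getContent(); any other commenter-supplied field the same message builder appends (name, e-mail, URL, if present) is outside this hunk and would need the same treatment, since the message is rendered as HTML in the non-escapeHtml branch. The two-step construction is also worth a comment, because its safety rests on transformToHTMLSubset re-enabling only a fixed set of tags and never un-escaping attribute values: `// Escape everything first, then re-enable only the whitelisted tag subset; the subset transform must not restore attributes.` If escapeHtml selects a plain-text mail (the "\n\n" vs "<br />" choice suggests so), note that Utilities.escapeHTML in that branch will leave literal entity references such as `&lt;` in the text body, which is a readability rather than a security concern. The enclosing method starts and ends outside this hunk.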

