Commit 36f9a7ab authored by arild2g

Adds more encoding in Handler.java

Ref #5

# Conflicts:
#	src/main/java/inf226/inchat/Handler.java
parent 2e7dc169
......@@ -93,8 +93,8 @@ public class Handler extends AbstractHandler
// Try to register a new user:
System.err.println("User registration.");
try {
String username = (new Maybe<String>
(request.getParameter("username"))).get();
String username = Encode.forHtml((new Maybe<String>
(request.getParameter("username"))).get());
String password = (new Maybe<String>
(request.getParameter("password"))).get();
System.err.println("Registering user: \"" + username
......@@ -163,8 +163,8 @@ public class Handler extends AbstractHandler
if(request.getParameter("newmessage") != null) {
String message = (new Maybe<String>
(request.getParameter("message"))).get();
String message = Encode.forHtml((new Maybe<String>
(request.getParameter("message"))).get());
channel = inchat.postMessage(account,channel,message).get();
}
......@@ -175,8 +175,8 @@ public class Handler extends AbstractHandler
channel = inchat.deleteEvent(channel, message);
}
if(request.getParameter("editmessage") != null) {
String message = (new Maybe<String>
(request.getParameter("content"))).get();
String message = Encode.forHtml((new Maybe<String>
(request.getParameter("content"))).get());
UUID messageId =
UUID.fromString(Maybe.just(request.getParameter("message")).get());
Stored<Channel.Event> event = inchat.getEvent(messageId).get();
......@@ -334,8 +334,8 @@ public class Handler extends AbstractHandler
// Try to create a new channel
System.err.println("Channel creation.");
try {
String channelName = (new Maybe<String>
(request.getParameter("channelname"))).get();
String channelName = Encode.forHtml((new Maybe<String>
(request.getParameter("channelname"))).get());
Stored<Channel> channel
= inchat.createChannel(account,channelName).get();
......@@ -415,7 +415,7 @@ public class Handler extends AbstractHandler
* Print the standard top with actions.
*/
private void printStandardTop(PrintWriter out, String topic) {
out.println("<h1 class=\"topic\"><a style=\"color: black;\" href=\"/\">"+ Encode.forHtml(topic) + "</a></h1>");
out.println("<h1 class=\"topic\"><a style=\"color: black;\" href=\"/\">"+ Encode.forHtmlAttribute(topic) + "</a></h1>");
out.println("<div class=\"actionbar\">");
out.println("<a class=\"action\" href=\"/create\">Create a channel!</a>");
out.println("<a class=\"action\" href=\"/joinChannel\">Join a channel!</a>");
......@@ -431,7 +431,7 @@ public class Handler extends AbstractHandler
out.println("<p>Your channels:</p>");
out.println("<ul class=\"chanlist\">");
account.channels.forEach( entry -> {
out.println("<li> <a href=\"/channel/" + entry.first + "\">" + entry.first + "</a></li>");
out.println("<li> <a href=\"/channel/" + Encode.forHtmlAttribute(entry.first) + "\">" + Encode.forHtml(entry.first) + "</a></li>");
});
out.println("</ul>");
out.println("</aside>");
......@@ -447,9 +447,9 @@ public class Handler extends AbstractHandler
out.println("<main id=\"channel\" role=\"main\" class=\"channel\">");
printChannelEvents(out,channel, token);
out.println("<script src=\"/script.js\"></script>");
out.println("<script>subscribe(\"" + channel.identity +"\",\"" + channel.version + "\");</script>");
out.println("<script>subscribe(\"" + Encode.forJavaScript(String.valueOf(channel.identity)) +"\",\"" + Encode.forJavaScript(String.valueOf(channel.version)) + "\");</script>");
out.println("<form class=\"entry\" action=\"/channel/" + Encode.forHtml(alias) + "\" method=\"post\">");
out.println("<form class=\"entry\" action=\"/channel/" + Encode.forHtmlAttribute(alias) + "\" method=\"post\">");
out.println(" <div class=\"user\">You</div>");
out.println(" <input type=\"hidden\" name=\"newmessage\" value=\"Send\">");
out.println(" <input type=\"hidden\" name=\"CSRFToken\" value=\"" + token + "\">");
......@@ -464,10 +464,10 @@ public class Handler extends AbstractHandler
out.println("</main>");
// Print out the aside:
out.println("<aside class=\"chanmenu\">");
out.println("<h4>Channel ID:</h4><br>" + channel.identity +"<br>");
out.println("<p><a href=\"/join?channelid=" + channel.identity + "\">Join link</a></p>");
out.println("<h4>Channel ID:</h4><br>" + Encode.forHtml(String.valueOf(channel.identity)) +"<br>");
out.println("<p><a href=\"/join?channelid=" + Encode.forUriComponent(String.valueOf(channel.identity)) + "\">Join link</a></p>");
out.println("<h4>Set permissions</h4><form action=\"/channel/" + Encode.forHtml(alias) + "\" method=\"post\">");
out.println("<h4>Set permissions</h4><form action=\"/channel/" + Encode.forHtmlAttribute(alias) + "\" method=\"post\">");
out.println("<input style=\"width: 8em;\" type=\"text\" placeholder=\"User name\" name=\"username\">");
out.println("<select name=\"role\" required=\"required\">");
out.println("<option value=\"owner\">Owner</option>");
......@@ -504,26 +504,26 @@ public class Handler extends AbstractHandler
switch(e.value.type) {
case message:
out.println("<div class=\"entry\">");
out.println(" <div class=\"user\">" + e.value.sender + "</div>");
out.println(" <div class=\"text\">" + e.value.message);
out.println(" <div class=\"user\">" + Encode.forHtmlAttribute(e.value.sender) + "</div>");
out.println(" <div class=\"text\">" + Encode.forHtml(e.value.message));
out.println(" </div>");
out.println(" <div class=\"messagecontrols\">");
out.println(" <form style=\"grid-area: delete;\" action=\"/channel/" + channel.value.name + "\" method=\"POST\">");
out.println(" <input type=\"hidden\" name=\"message\" value=\""+ e.identity + "\">");
out.println(" <form style=\"grid-area: delete;\" action=\"/channel/" + Encode.forHtmlAttribute(channel.value.name) + "\" method=\"POST\">");
out.println(" <input type=\"hidden\" name=\"message\" value=\""+ Encode.forHtmlAttribute(String.valueOf(e.identity)) + "\">");
out.println(" <input type=\"hidden\" name=\"CSRFToken\" value=\"" + token + "\">");
out.println(" <input type=\"submit\" name=\"deletemessage\" value=\"Delete\">");
out.println(" </form><form style=\"grid-area: edit;\" action=\"/editMessage\" method=\"POST\">");
out.println(" ");
out.println(" <input type=\"hidden\" name=\"message\" value=\""+ e.identity + "\">");
out.println(" <input type=\"hidden\" name=\"channelname\" value=\""+ channel.value.name + "\">");
out.println(" <input type=\"hidden\" name=\"originalcontent\" value=\""+ e.value.message + "\">");
out.println(" <input type=\"hidden\" name=\"message\" value=\""+ Encode.forHtmlAttribute(String.valueOf(e.identity)) + "\">");
out.println(" <input type=\"hidden\" name=\"channelname\" value=\""+ Encode.forHtmlAttribute(channel.value.name) + "\">");
out.println(" <input type=\"hidden\" name=\"originalcontent\" value=\""+ Encode.forHtmlAttribute(e.value.message) + "\">");
out.println(" <input type=\"submit\" name=\"editmessage\" value=\"Edit\">");
out.println(" </form>");
out.println(" </div>");
out.println("</div>");
return;
case join:
out.println("<p>" + formatter.format(e.value.time) + " " + e.value.sender + " has joined!</p>");
out.println("<p>" + formatter.format(e.value.time) + " " + Encode.forHtml(e.value.sender) + " has joined!</p>");
return;
}
});
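Review bot: The four request-parameter hunks (username, message, content, channelname) wrap the input in `Encode.forHtml` before it is stored, while the rendering hunks later in this file encode the same values again on output (`Encode.forHtml(e.value.message)`, `Encode.forHtmlAttribute(e.value.message)`, `Encode.forHtml(e.value.sender)`), so — assuming those fields hold the stored text — a message containing `&` or `<` is double-encoded and displayed literally as `&amp;`, and a channel name stored as `a&amp;b` no longer matches the `/channel/<name>` path the user types; encoding belongs at the output context only, so I would revert those four lines to their plain form, e.g. `String message = (new Maybe<String>(request.getParameter("message"))).get();`, and keep the output-side encoders (the enclosing handler methods start and end outside these hunks). Channel names and aliases embedded in a URL path (`action="/channel/..."` in the entry form, the permissions form and the delete form) are encoded only with `forHtmlAttribute`, which leaves `/`, `?` and `#` untouched; `Encode.forUriComponent` is the matching encoder for a path segment and its percent-encoded output is already safe inside the quoted attribute, as the join-link line already does. The sender inside `<div class="user">` is encoded with `forHtmlAttribute` although it is element text, whereas the join line uses `forHtml` for the same field; using `forHtml` in both keeps the encoder matched to the context. The `CSRFToken` value is still interpolated unencoded into the hidden inputs; even if it is server-generated, `Encode.forHtmlAttribute(token)` costs nothing and removes that assumption.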
......