diff options
| author | Chris Goldthorpe | 2010-05-11 22:11:00 +0000 |
|---|---|---|
| committer | Chris Goldthorpe | 2010-05-11 22:11:00 +0000 |
| commit | 2c8111872238680952f3c2ac6eff511ce2d5833c (patch) | |
| tree | e09fad3bd664f5390da3bed1ede26fd02fced644 | |
| parent | 238f3224e3ad83bc02413430a4250e9f76d525c2 (diff) | |
| download | eclipse.platform.ua-2c8111872238680952f3c2ac6eff511ce2d5833c.tar.gz eclipse.platform.ua-2c8111872238680952f3c2ac6eff511ce2d5833c.tar.xz eclipse.platform.ua-2c8111872238680952f3c2ac6eff511ce2d5833c.zip | |
Bug 312511 - [Test] UATestContentProducer is insecure
| -rw-r--r-- | org.eclipse.ua.tests/base/org/eclipse/ua/tests/util/UATestContentProducer.java | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/org.eclipse.ua.tests/base/org/eclipse/ua/tests/util/UATestContentProducer.java b/org.eclipse.ua.tests/base/org/eclipse/ua/tests/util/UATestContentProducer.java index fb9a07435..bb1cab4f7 100644 --- a/org.eclipse.ua.tests/base/org/eclipse/ua/tests/util/UATestContentProducer.java +++ b/org.eclipse.ua.tests/base/org/eclipse/ua/tests/util/UATestContentProducer.java @@ -36,11 +36,23 @@ public class UATestContentProducer implements IHelpContentProducer { String title = href.substring(slash1 + 1, slash2); String body = href.substring(slash2 + 1, dotHtml); String result = "<head><title>"; - result += URLCoder.decode(title); + result += filterNonAlpha(URLCoder.decode(title)); result += "</title></head><body>"; - result +=URLCoder.decode(body); + result +=filterNonAlpha(URLCoder.decode(body)); result += "</body>"; return new ByteArrayInputStream(result.getBytes()); } + private String filterNonAlpha(String input) { + StringBuffer output = new StringBuffer(); + for (int i = 0; i < input.length(); i++) { + char c = input.charAt(i); + if (c == ' ' || Character.isLetter(c)) { + output.append(c); + } + } + System.out.println("Input = " + input + "output = " + output.toString()); + return output.toString(); + } + } |