Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris Goldthorpe2010-05-11 22:11:00 +0000
committerChris Goldthorpe2010-05-11 22:11:00 +0000
commit2c8111872238680952f3c2ac6eff511ce2d5833c (patch)
treee09fad3bd664f5390da3bed1ede26fd02fced644 /org.eclipse.ua.tests/base/org/eclipse/ua/tests/util
parent238f3224e3ad83bc02413430a4250e9f76d525c2 (diff)
downloadeclipse.platform.ua-2c8111872238680952f3c2ac6eff511ce2d5833c.tar.gz
eclipse.platform.ua-2c8111872238680952f3c2ac6eff511ce2d5833c.tar.xz
eclipse.platform.ua-2c8111872238680952f3c2ac6eff511ce2d5833c.zip
Bug 312511 - [Test] UATestContentProducer is insecure
Diffstat (limited to 'org.eclipse.ua.tests/base/org/eclipse/ua/tests/util')
-rw-r--r--org.eclipse.ua.tests/base/org/eclipse/ua/tests/util/UATestContentProducer.java16
1 files changed, 14 insertions, 2 deletions
diff --git a/org.eclipse.ua.tests/base/org/eclipse/ua/tests/util/UATestContentProducer.java b/org.eclipse.ua.tests/base/org/eclipse/ua/tests/util/UATestContentProducer.java
index fb9a07435..bb1cab4f7 100644
--- a/org.eclipse.ua.tests/base/org/eclipse/ua/tests/util/UATestContentProducer.java
+++ b/org.eclipse.ua.tests/base/org/eclipse/ua/tests/util/UATestContentProducer.java
@@ -36,11 +36,23 @@ public class UATestContentProducer implements IHelpContentProducer {
String title = href.substring(slash1 + 1, slash2);
String body = href.substring(slash2 + 1, dotHtml);
String result = "<head><title>";
- result += URLCoder.decode(title);
+ result += filterNonAlpha(URLCoder.decode(title));
result += "</title></head><body>";
- result +=URLCoder.decode(body);
+ result +=filterNonAlpha(URLCoder.decode(body));
result += "</body>";
return new ByteArrayInputStream(result.getBytes());
}
+ private String filterNonAlpha(String input) {
+ StringBuffer output = new StringBuffer();
+ for (int i = 0; i < input.length(); i++) {
+ char c = input.charAt(i);
+ if (c == ' ' || Character.isLetter(c)) {
+ output.append(c);
+ }
+ }
+ System.out.println("Input = " + input + "output = " + output.toString());
+ return output.toString();
+ }
+
}

Back to the top