DDF-4355 Sanitize Text Preview Action (#4077)
* DDF-4355 Sanitize Text Preview Action so that HTML elements do not render in the browser

* DDF-4355 Add commons-text version property
alexabird authored and clockard committed Dec 4, 2018
1 parent 00381be commit 060a8fc
Showing 4 changed files with 12 additions and 6 deletions.
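--- a/catalog/transformer/catalog-transformer-preview/pom.xml
+++ b/catalog/transformer/catalog-transformer-preview/pom.xml
@@ -52,6 +52,11 @@
 <artifactId>catalog-transformer-common</artifactId>
 <version>${project.version}</version>
 </dependency>
+<dependency>
+<groupId>org.apache.commons</groupId>
+<artifactId>commons-text</artifactId>
+<version>${commons-text.version}</version>
+</dependency>
 </dependencies>
 
 <build>
@@ -66,7 +71,8 @@
 <Export-Package/>
 <Embed-Dependency>
 catalog-core-api-impl,
-catalog-core-actions
+catalog-core-actions,
+commons-text
 </Embed-Dependency>
 <Import-Package>
 !org.codice.ddf.platform.util,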
Expand Up @@ -21,6 +21,7 @@
import ddf.catalog.transform.MetacardTransformer;
import java.io.Serializable;
import java.util.Map;
import org.apache.commons.text.StringEscapeUtils;
import org.apache.tika.io.IOUtils;

public class PreviewMetacardTransformer implements MetacardTransformer {
Expand All @@ -36,10 +37,8 @@ public BinaryContent transform(Metacard metacard, Map<String, Serializable> argu
if (metacard.getAttribute(Extracted.EXTRACTED_TEXT) != null
&& metacard.getAttribute(Extracted.EXTRACTED_TEXT).getValue() != null) {
preview =
metacard
.getAttribute(Extracted.EXTRACTED_TEXT)
.getValue()
.toString()
StringEscapeUtils.escapeHtml4(
metacard.getAttribute(Extracted.EXTRACTED_TEXT).getValue().toString())
.replaceAll("[\n|\r]", "<br>");
preview = String.format("<head><meta charset=\"utf-8\"/>%s</head>", preview);
}
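Review bot: The character class in `.replaceAll("[\n|\r]", "<br>")`, left unchanged at the end of the new escaping expression, treats `|` as a literal, so every pipe in the extracted text turns into `<br>` and a CRLF pair yields two breaks; `.replaceAll("\\r\\n|\\r|\\n", "<br>")` would match line endings only. The ordering is right (escape first, then insert `<br>`), but `escapeHtml4` does not encode `'`, so it is worth a comment above the call such as `// Escaped for HTML element content only; not safe for use inside an attribute value.`. None of the four files in this commit is a test, so a case asserting that EXTRACTED_TEXT containing markup such as `<b>x</b>` comes back as `&lt;b&gt;x&lt;/b&gt;` would pin the fix. The body of `transform` starts and ends outside the hunk.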
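--- a/features/cxf/src/main/feature/feature.xml
+++ b/features/cxf/src/main/feature/feature.xml
@@ -663,7 +663,7 @@
 <bundle start-level="35" dependency="true">
 mvn:org.apache.commons/commons-lang3/${cxf.commons-lang3.version}
 </bundle>
-<bundle start-level="35" dependency="true">mvn:org.apache.commons/commons-text/1.2</bundle>
+<bundle start-level="35" dependency="true">mvn:org.apache.commons/commons-text/${commons-text.version}</bundle>
 <bundle dependency="true">
 wrap:mvn:org.apache.velocity/velocity-engine-core/${cxf.velocity.version}
 </bundle>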
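--- a/pom.xml
+++ b/pom.xml
@@ -188,6 +188,7 @@
 <commons-logging.version>1.2</commons-logging.version>
 <commons-net.version>3.5</commons-net.version>
 <commons-pool.version>1.6</commons-pool.version>
+<commons-text.version>1.2</commons-text.version>
 <commons-validator.version>1.6</commons-validator.version>
 <components-font-awesome.version>4.7.0</components-font-awesome.version>
 <countryconverter.version>0.1.4</countryconverter.version>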
