zzz/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* i2psnark: More escape fixes

Browse Source
This commit is contained in:
zzz
2014-09-12 18:38:11 +00:00
parent 09dfea7dea
commit 682534f468
3 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
View File

@@ -1520,7 +1520,8 @@ public class I2PSnarkServlet extends BasicServlet {
// Can't figure out how to escape double quotes inside the onclick string. // Can't figure out how to escape double quotes inside the onclick string.
// Single quotes in translate strings with parameters must be doubled. // Single quotes in translate strings with parameters must be doubled.
// Then the remaining single quote must be escaped // Then the remaining single quote must be escaped
out.write(_("Are you sure you want to delete the file \\''{0}\\'' (downloaded data will not be deleted) ?", snark.getName())); out.write(_("Are you sure you want to delete the file \\''{0}\\'' (downloaded data will not be deleted) ?",
escapeJSString(snark.getName())));
out.write("')) { return false; }\""); out.write("')) { return false; }\"");
out.write(" src=\"" + _imgPath + "remove.png\" alt=\""); out.write(" src=\"" + _imgPath + "remove.png\" alt=\"");
out.write(_("Remove")); out.write(_("Remove"));
@@ -1540,7 +1541,8 @@ public class I2PSnarkServlet extends BasicServlet {
// Can't figure out how to escape double quotes inside the onclick string. // Can't figure out how to escape double quotes inside the onclick string.
// Single quotes in translate strings with parameters must be doubled. // Single quotes in translate strings with parameters must be doubled.
// Then the remaining single quote must be escaped // Then the remaining single quote must be escaped
out.write(_("Are you sure you want to delete the torrent \\''{0}\\'' and all downloaded data?", fullBasename)); out.write(_("Are you sure you want to delete the torrent \\''{0}\\'' and all downloaded data?",
escapeJSString(fullBasename)));
out.write("')) { return false; }\""); out.write("')) { return false; }\"");
out.write(" src=\"" + _imgPath + "delete.png\" alt=\""); out.write(" src=\"" + _imgPath + "delete.png\" alt=\"");
out.write(_("Delete")); out.write(_("Delete"));
@@ -1652,6 +1654,20 @@ public class I2PSnarkServlet extends BasicServlet {
} }
} }
/**
* Make it JS and HTML-safe
* @since 0.9.15
* http://stackoverflow.com/questions/8749001/escaping-html-entities-in-javascript-string-literals-within-the-script-block
*/
private static String escapeJSString(String s) {
return s.replace("\\", "\\u005c")
.replace("<", "\\u003c")
.replace(">", "\\u003e")
.replace("\"", "\\u0022")
.replace("'", "\\u0027")
.replace("&", "\\u0026");
}
/** /**
* Get version from bytes 3-6 * Get version from bytes 3-6
* @return " w.x.y.z" or "" * @return " w.x.y.z" or ""

14
apps/i2psnark/java/src/org/klomp/snark/web/URIUtil.java
View File

@@ -85,6 +85,8 @@ class URIUtil
case '>': case '>':
case ' ': case ' ':
case ':': case ':':
case '[':
case ']':
buf=new StringBuilder(path.length()*2); buf=new StringBuilder(path.length()*2);
break loop; break loop;
default: default:
@@ -143,6 +145,12 @@ class URIUtil
case ':': case ':':
buf.append("%3A"); buf.append("%3A");
continue; continue;
case '[':
buf.append("%5B");
continue;
case ']':
buf.append("%5D");
continue;
default: default:
if (c <= 0x1f) // includes negative if (c <= 0x1f) // includes negative
toHex(c,buf); toHex(c,buf);
@@ -190,6 +198,12 @@ class URIUtil
case ':': case ':':
buf.append("%3A"); buf.append("%3A");
continue; continue;
case '[':
buf.append("%5B");
continue;
case ']':
buf.append("%5D");
continue;
default: default:
if (c <= 0x1f || (c >= 0x7f && c <= 0x9f) || Character.isSpaceChar(c)) if (c <= 0x1f || (c >= 0x7f && c <= 0x9f) || Character.isSpaceChar(c))
toHex(c,buf); toHex(c,buf);

2
router/java/src/net/i2p/router/RouterVersion.java
View File

@@ -18,7 +18,7 @@ public class RouterVersion {
/** deprecated */ /** deprecated */
public final static String ID = "Monotone"; public final static String ID = "Monotone";
public final static String VERSION = CoreVersion.VERSION; public final static String VERSION = CoreVersion.VERSION;
public final static long BUILD = 16; public final static long BUILD = 17;
/** for example "-test" */ /** for example "-test" */
public final static String EXTRA = "-rc"; public final static String EXTRA = "-rc";