diff --git a/source/de/anomic/data/wikiCode.java b/source/de/anomic/data/wikiCode.java
index bff167e23..8985982d8 100644
--- a/source/de/anomic/data/wikiCode.java
+++ b/source/de/anomic/data/wikiCode.java
@@ -42,7 +42,7 @@
 // Contributions and changes to the program code must be marked as such.
 // Contains contributions from Alexander Schier [AS]
-// and Marc Nause [MN]
+// Franz Brausse [FB] and Marc Nause [MN]
 package de.anomic.data;
@@ -109,21 +109,134 @@ public class wikiCode {
 }
 }
- public static String replaceHTML(String result) {
- if (result == null) return null;
- int p0;
+ //The following method has been submitted by [FB] (added and a few changes by MN)
+ /** Replaces special characters from a string. Otherwise they might cause ugly output on some systems.
+ * This code is also important to avoid XSS attacks.
+ *
+ * @param text a string that possibly contains special characters
+ * @return the string with all special characters encoded so they will look right on every system
+ */
+ public static String replaceHTML(String text) {
+ if (text==null) { return null; }
+ for (int x=0;x<=htmlentities.length-1;x=x+2) {
+ int p=0;
+ while ((p=text.indexOf(htmlentities[x],p))>=0) {
+ text=text.substring(0,p)+htmlentities[x+1]+text.substring(p+htmlentities[x].length());
+ p+=htmlentities[x+1].length();
+ }
+ }
+ return text;
+ }
- // Ampersands have to be replaced first. If they were replaced later,
+ //This array contains codes (see http://mindprod.com/jgloss/unicode.html for details) and
+ //patterns that will be replaced. To add new codes or patterns, just put them at the end
+ //of the list.
+ public static String[] htmlentities={
+ // Ampersands _have_ to be replaced first. If they were replaced later,
 // other replaced characters containing ampersands would get messed up.
- p0 = 0; while ((p0 = result.indexOf("&", p0)) >= 0) {result = result.substring(0, p0) + "&" + result.substring(p0 + 1); p0++;}
- p0 = 0; while ((p0 = result.indexOf('"', p0)) >= 0) result = result.substring(0, p0) + """ + result.substring(p0 + 1);
- p0 = 0; while ((p0 = result.indexOf("<", p0)) >= 0) result = result.substring(0, p0) + "<" + result.substring(p0 + 1);
- p0 = 0; while ((p0 = result.indexOf(">", p0)) >= 0) result = result.substring(0, p0) + ">" + result.substring(p0 + 1);
- //p0 = 0; while ((p0 = result.indexOf("*", p0)) >= 0) result = result.substring(0, p0) + "•" + result.substring(p0 + 1);
- p0 = 0; while ((p0 = result.indexOf("(C)", p0)) >= 0) result = result.substring(0, p0) + "©" + result.substring(p0 + 3);
- 
- return result;
- }
+ "\u0026","&", //ampersand
+ "\\u0022",""", //quotation mark
+ "\u003c","<", //less than
+ "\u003e",">", //greater than
+ "\u00a1","¡", //inverted (spanish) exclamation mark
+ "\u00a2","¢", //cent
+ "\u00a3","£", //pound
+ "\u00a4","¤", //currency
+ "\u00a5","¥", //yen
+ "\u00a6","¦", //broken vertical bar
+ "\u00a7","§", //section sign
+ "\u00a8","¨", //diaeresis (umlaut)
+ "\u00a9","©", //copyright sign
+ "\u00aa","ª", //feminine ordinal indicator
+ "\u00ab","«", //left-pointing double angle quotation mark
+ "\u00ac","¬", //not sign
+ "\u00ad","­", //soft hyphen
+ "\u00ae","®", //registered sign
+ "\u00af","¯", //macron
+ "\u00b0","°", //degree sign
+ "\u00b1","±", //plus-minus sign
+ "\u00b2","²", //superscript two
+ "\u00b3","³", //superscript three
+ "\u00b4","´", //acute accent
+ "\u00b5","µ", //micro sign
+ "\u00b6","¶", //paragraph sign
+ "\u00b7","·", //middle dot
+ "\u00b8","¸", //cedilla
+ "\u00b9","¹", //superscript one
+ "\u00ba","º", //masculine ordinal indicator
+ "\u00bb","»", //right-pointing double angle quotation mark
+ "\u00bc","¼", //fraction 1/4
+ "\u00bd","½", //fraction 1/2
+ "\u00be","¾", //fraction 3/4
+ "\u00bf","¿", //inverted (spanisch) questionmark
+ "\u00c0","À",
+ "\u00c1","Á",
+ "\u00c2","Â",
+ "\u00c3","Ã",
+ "\u00c4","Ä",
+ "\u00c5","Å",
+ "\u00c6","Æ",
+ "\u00c7","Ç",
+ "\u00c8","È",
+ "\u00c9","É",
+ "\u00ca","Ê",
+ "\u00cb","Ë",
+ "\u00cc","Ì",
+ "\u00cd","Í",
+ "\u00ce","Î",
+ "\u00cf","Ï",
+ "\u00d0","Ð",
+ "\u00d1","Ñ",
+ "\u00d2","Ò",
+ "\u00d3","Ó",
+ "\u00d4","Ô",
+ "\u00d5","Õ",
+ "\u00d6","Ö",
+ "\u00d7","×",
+ "\u00d8","Ø",
+ "\u00d9","Ù",
+ "\u00da","Ú",
+ "\u00db","Û",
+ "\u00dc","Ü",
+ "\u00dd","Ý",
+ "\u00de","Þ",
+ "\u00df","ß",
+ "\u00e0","à",
+ "\u00e1","á",
+ "\u00e2","â",
+ "\u00e3","ã",
+ "\u00e4","ä",
+ "\u00e5","å",
+ "\u00e6","æ",
+ "\u00e7","ç",
+ "\u00e8","è",
+ "\u00e9","é",
+ "\u00ea","ê",
+ "\u00eb","ë",
+ "\u00ec","ì",
+ "\u00ed","í",
+ "\u00ee","î",
+ "\u00ef","ï",
+ "\u00f0","ð",
+ "\u00e1","ñ",
+ "\u00e2","ò",
+ "\u00e3","ó",
+ "\u00e4","ô",
+ "\u00e5","õ",
+ "\u00e6","ö",
+ "\u00e7","÷",
+ "\u00e8","ø",
+ "\u00e9","ù",
+ "\u00ea","ú",
+ "\u00eb","û",
+ "\u00ec","ü",
+ "\u00ed","ý",
+ "\u00ee","þ",
+ "\u00ef","ÿ",
+ "(C)","©"
+ };
+ //end contrib [FB] and [MN]
+ /** Replaces wiki tags with HTML tags.
 *