*) Fixed XSS vulnerability. I was able to crawl a PDF that caused the loading of an image in the admin's browser.

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2056 6c8d7289-2bf4-0310-a012-ef5d649a1542

htroot/ViewFile.java

@@ -50,6 +50,7 @@ import java.net.URL;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
 
+import de.anomic.data.wikiCode;
 import de.anomic.http.httpHeader;
 import de.anomic.http.httpc;
 import de.anomic.plasma.plasmaHTCache;
@@ -182,6 +183,7 @@ public class ViewFile {
                 
                 if (viewMode.equals("parsed")) {
                     String content = new String(document.getText());
+		    content = wikiCode.replaceHTML(content); //added by Marc Nause
                     content = content.replaceAll("\n","<br>")
                                      .replaceAll("\t","&nbsp;&nbsp;&nbsp;&nbsp;");
                     
@@ -196,7 +198,7 @@ public class ViewFile {
                     
                     boolean dark = true;
                     for (int i=0; i < sentences.length; i++) {
-                        String currentSentence = sentences[i];
+                        String currentSentence = wikiCode.replaceHTML(sentences[i]);
                         
                         // Search word highlighting
                         String words = post.get("words",null);
@@ -213,7 +215,6 @@ public class ViewFile {
                             }
                         }
                         
-                        
                         prop.put("viewMode_sentences_" + i + "_nr",Integer.toString(i+1)); 
                         prop.put("viewMode_sentences_" + i + "_text",currentSentence);   
                         prop.put("viewMode_sentences_" + i + "_dark",((dark) ? 1 : 0) ); dark=!dark;