This is an automated email from the ASF dual-hosted git repository. ahuber pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push: new fa83d7a56a ISIS-3077: minor: renaming var fa83d7a56a is described below commit fa83d7a56ad5b3e0d6c3467e960c914b1988c981 Author: Andi Huber <ahu...@apache.org> AuthorDate: Thu Jun 23 10:47:22 2022 +0200 ISIS-3077: minor: renaming var --- .../apache/isis/commons/internal/hardening/_Hardening.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/commons/src/main/java/org/apache/isis/commons/internal/hardening/_Hardening.java b/commons/src/main/java/org/apache/isis/commons/internal/hardening/_Hardening.java
index 1dcc9b6c10..9095e062db 100644
--- a/commons/src/main/java/org/apache/isis/commons/internal/hardening/_Hardening.java
+++ b/commons/src/main/java/org/apache/isis/commons/internal/hardening/_Hardening.java
@@ -41,18 +41,18 @@ public class _Hardening {
 * @throws IllegalArgumentException - when an XSS attack is encountered, or the URL is not parseable
 * @implNote unfortunately has potential for false positives; but shall do for now
 */
- public static Optional<URL> toUrlWithXssGuard(final @Nullable String urlString) {
- if(urlString==null) {
+ public static Optional<URL> toUrlWithXssGuard(final @Nullable String untrustedUrl) {
+ if(_Strings.isEmpty(untrustedUrl)) {
 return Optional.empty();
 }
- if(_Strings.condenseWhitespaces(urlString.toLowerCase(), "").contains("javascript:")) {
+ if(_Strings.condenseWhitespaces(untrustedUrl.toLowerCase(), "").contains("javascript:")) {
 // simple guard against XSS attacks like javascript:alert(document)
- throw new IllegalArgumentException("Not parseable as an URL ('" + urlString + "').");
+ throw new IllegalArgumentException("Not parseable as an URL ('" + untrustedUrl + "').");
 }
 try {
- return Optional.of(new java.net.URL(urlString));
+ return Optional.of(new java.net.URL(untrustedUrl));
 } catch (final MalformedURLException ex) {
- throw new IllegalArgumentException("Not parseable as an URL ('" + urlString + "').", ex);
+ throw new IllegalArgumentException("Not parseable as an URL ('" + untrustedUrl + "').", ex);
 }
 }
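Review bot: The `javascript:` guard lower-cases with `untrustedUrl.toLowerCase()`, which follows the JVM default locale, so under some default locales (Turkish is the usual example) an upper-case `I` does not map to `i` and the `contains("javascript:")` test can miss a mixed-case input. Use `untrustedUrl.toLowerCase(Locale.ROOT)`; this needs `java.util.Locale` in the import block, which is outside this hunk. Both `IllegalArgumentException` messages embed the raw untrusted string, so any layer that renders or logs the message must escape it, or the value should be truncated or omitted. The commit is titled a rename, but replacing `urlString==null` with `_Strings.isEmpty(untrustedUrl)` also changes behaviour: an empty string now returns `Optional.empty()` where it presumably reached `new java.net.URL(...)` and threw before. That deserves a line in the Javadoc, whose start is outside the hunk.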