[isis] branch master updated: ISIS-3077: minor: renaming var

Thu, 23 Jun 2022 01:49:54 -0700 

This is an automated email from the ASF dual-hosted git repository.

ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git


The following commit(s) were added to refs/heads/master by this push:
     new fa83d7a56a ISIS-3077: minor: renaming var
fa83d7a56a is described below

commit fa83d7a56ad5b3e0d6c3467e960c914b1988c981
Author: Andi Huber <ahu...@apache.org>
AuthorDate: Thu Jun 23 10:47:22 2022 +0200

    ISIS-3077: minor: renaming var
---
 .../apache/isis/commons/internal/hardening/_Hardening.java   | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git 
a/commons/src/main/java/org/apache/isis/commons/internal/hardening/_Hardening.java
 
b/commons/src/main/java/org/apache/isis/commons/internal/hardening/_Hardening.java
index 1dcc9b6c10..9095e062db 100644
--- 
a/commons/src/main/java/org/apache/isis/commons/internal/hardening/_Hardening.java
+++ 
b/commons/src/main/java/org/apache/isis/commons/internal/hardening/_Hardening.java
@@ -41,18 +41,18 @@ public class _Hardening {
      * @throws IllegalArgumentException - when an XSS attack is encountered, 
or the URL is not parseable
      * @implNote unfortunately has potential for false positives; but shall do 
for now
      */
-    public static Optional<URL> toUrlWithXssGuard(final @Nullable String 
urlString) {
-        if(urlString==null) {
+    public static Optional<URL> toUrlWithXssGuard(final @Nullable String 
untrustedUrl) {
+        if(_Strings.isEmpty(untrustedUrl)) {
             return Optional.empty();
         }
-        if(_Strings.condenseWhitespaces(urlString.toLowerCase(), 
"").contains("javascript:")) {
+        if(_Strings.condenseWhitespaces(untrustedUrl.toLowerCase(), 
"").contains("javascript:")) {
             // simple guard against XSS attacks like javascript:alert(document)
-            throw new IllegalArgumentException("Not parseable as an URL ('" + 
urlString + "').");
+            throw new IllegalArgumentException("Not parseable as an URL ('" + 
untrustedUrl + "').");
         }
         try {
-            return Optional.of(new java.net.URL(urlString));
+            return Optional.of(new java.net.URL(untrustedUrl));
         } catch (final MalformedURLException ex) {
-            throw new IllegalArgumentException("Not parseable as an URL ('" + 
urlString + "').", ex);
+            throw new IllegalArgumentException("Not parseable as an URL ('" + 
untrustedUrl + "').", ex);
         }
     }

Reply via email to