This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 0c620a9eda Adding HTML content rejection by default for text fields
(#754)
0c620a9eda is described below
commit 0c620a9eda2c0927875c129ebae66d2ea94f3e6a
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Wed Jun 26 09:15:18 2024 +0200
Adding HTML content rejection by default for text fields (#754)
---
.../markup/html/form/AjaxPasswordFieldPanel.java | 3 +-
.../markup/html/form/AjaxTextFieldPanel.java | 12 ++---
.../markup/html/form/EncryptedFieldPanel.java | 11 ++--
.../commons/markup/html/form/TextFieldPanel.java | 58 ++++++++++++++++++++++
.../html/form/EncryptedFieldPanel_fr_CA.properties | 17 +++++++
.../markup/html/form/TextFieldPanel.properties | 17 +++++++
.../html/form/TextFieldPanel_fr_CA.properties | 17 +++++++
.../markup/html/form/TextFieldPanel_it.properties | 17 +++++++
.../markup/html/form/TextFieldPanel_ja.properties | 17 +++++++
.../html/form/TextFieldPanel_pt_BR.properties | 17 +++++++
.../markup/html/form/TextFieldPanel_ru.properties | 19 +++++++
.../markup/html/form/AjaxSearchFieldPanel.java | 21 +++-----
12 files changed, 201 insertions(+), 25 deletions(-)
diff --git
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxPasswordFieldPanel.java
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxPasswordFieldPanel.java
index da0a64337e..a18ec5b966 100644
---
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxPasswordFieldPanel.java
+++
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxPasswordFieldPanel.java
@@ -27,7 +27,7 @@ import org.apache.wicket.markup.html.form.PasswordTextField;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.ResourceModel;
-public class AjaxPasswordFieldPanel extends FieldPanel<String> {
+public class AjaxPasswordFieldPanel extends TextFieldPanel {
private static final long serialVersionUID = -5490115280336667460L;
@@ -50,6 +50,7 @@ public class AjaxPasswordFieldPanel extends
FieldPanel<String> {
super(id, name, model);
field = new PasswordTextField("passwordField", model);
+ setHTMLInputNotAllowed();
add(field.setLabel(new ResourceModel(name,
name)).setRequired(false).setOutputMarkupId(true));
Optional.ofNullable(passwordStrengthBehavior).ifPresent(field::add);
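Review bot: `setHTMLInputNotAllowed()` on the added line attaches the markup-rejection validator to a PasswordTextField, whose value is presumably never rendered back into a page, so the check adds no output-side protection here but does shrink the accepted password alphabet: a password that is a single angle-bracketed token (constructed example `<secret-1>`) is now refused with `htmlErrorMessage` naming the password label. Unless a deliberate password policy is intended, consider leaving this opt-in for password inputs, or at least record the restriction next to the call with `// also applies to passwords: values of the form <...> are refused`. The same consideration applies to EncryptedFieldPanel, whose input type is likewise "password" (hunk at L128). The constructor continues outside the hunk.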
diff --git
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxTextFieldPanel.java
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxTextFieldPanel.java
index 270f6fb84a..d5b72430ed 100644
---
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxTextFieldPanel.java
+++
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/AjaxTextFieldPanel.java
@@ -33,9 +33,8 @@ import
org.apache.wicket.extensions.ajax.markup.html.autocomplete.AutoCompleteTe
import
org.apache.wicket.extensions.ajax.markup.html.autocomplete.IAutoCompleteRenderer;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.ResourceModel;
-import org.apache.wicket.validation.IValidator;
-public class AjaxTextFieldPanel extends FieldPanel<String> implements
Cloneable {
+public class AjaxTextFieldPanel extends TextFieldPanel implements Cloneable {
private static final long serialVersionUID = 238940918106696068L;
@@ -70,7 +69,9 @@ public class AjaxTextFieldPanel extends FieldPanel<String>
implements Cloneable
@Override
protected AutoCompleteBehavior<String> newAutoCompleteBehavior(
- final IAutoCompleteRenderer<String> renderer, final
AutoCompleteSettings settings) {
+ final IAutoCompleteRenderer<String> renderer,
+ final AutoCompleteSettings settings) {
+
return new IndicatorAutoCompleteBehavior<>(renderer, settings)
{
private static final long serialVersionUID =
1070808433195962931L;
@@ -82,6 +83,7 @@ public class AjaxTextFieldPanel extends FieldPanel<String>
implements Cloneable
};
}
};
+ setHTMLInputNotAllowed();
add(field.setLabel(new ResourceModel(name,
name)).setOutputMarkupId(true));
if (enableOnChange && !isReadOnly()) {
@@ -97,10 +99,6 @@ public class AjaxTextFieldPanel extends FieldPanel<String>
implements Cloneable
}
}
- public void addValidator(final IValidator<? super String> validator) {
- this.field.add(validator);
- }
-
public void setChoices(final List<String> choices) {
if (choices != null) {
this.choices = choices;
diff --git
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/EncryptedFieldPanel.java
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/EncryptedFieldPanel.java
index fa220fefb5..ba72ac7b36 100644
---
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/EncryptedFieldPanel.java
+++
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/EncryptedFieldPanel.java
@@ -25,7 +25,7 @@ import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.ResourceModel;
-public class EncryptedFieldPanel extends FieldPanel<String> implements
Cloneable {
+public class EncryptedFieldPanel extends TextFieldPanel implements Cloneable {
private static final long serialVersionUID = 1882871043451691005L;
@@ -34,7 +34,11 @@ public class EncryptedFieldPanel extends FieldPanel<String>
implements Cloneable
}
public EncryptedFieldPanel(
- final String id, final String name, final IModel<String> model,
final boolean enableOnChange) {
+ final String id,
+ final String name,
+ final IModel<String> model,
+ final boolean enableOnChange) {
+
super(id, name, model);
field = new TextField<>("encryptedField", model) {
@@ -43,9 +47,10 @@ public class EncryptedFieldPanel extends FieldPanel<String>
implements Cloneable
@Override
protected String[] getInputTypes() {
- return new String[]{"password"};
+ return new String[] { "password" };
}
};
+ setHTMLInputNotAllowed();
if (enableOnChange && !isReadOnly()) {
field.add(new
IndicatorAjaxFormComponentUpdatingBehavior(Constants.ON_CHANGE) {
diff --git
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.java
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.java
new file mode 100644
index 0000000000..d328e0546f
--- /dev/null
+++
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.ui.commons.markup.html.form;
+
+import java.util.regex.Pattern;
+import org.apache.wicket.model.IModel;
+import org.apache.wicket.validation.IValidatable;
+import org.apache.wicket.validation.IValidator;
+import org.apache.wicket.validation.ValidationError;
+
+public abstract class TextFieldPanel extends FieldPanel<String> {
+
+ private static final long serialVersionUID = 1708195999215061362L;
+
+ private static final Pattern HTML_PATTERN =
Pattern.compile("<(\"[^\"]*\"|'[^']*'|[^'\">])*>");
+
+ public TextFieldPanel(final String id, final String name, final
IModel<String> model) {
+ super(id, name, model);
+ }
+
+ protected TextFieldPanel setHTMLInputNotAllowed() {
+ field.add(new IValidator<String>() {
+
+ private static final long serialVersionUID = -8386207349500954732L;
+
+ @Override
+ public void validate(final IValidatable<String> validatable) {
+ if (HTML_PATTERN.matcher(validatable.getValue()).matches()) {
+ ValidationError error = new
ValidationError().addKey("htmlErrorMessage");
+ error.setVariable("label", field.getLabel().getObject());
+ validatable.error(error);
+ }
+ }
+ });
+
+ return this;
+ }
+
+ public void addValidator(final IValidator<? super String> validator) {
+ this.field.add(validator);
+ }
+}
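Review bot: The `matches()` call in `validate` anchors HTML_PATTERN to the entire input, so only a value that is exactly one tag and nothing else is rejected; text before or after a tag, or two tags in sequence, passes validation, and the default rejection announced in the commit title does not hold for most markup-bearing input. Use a sub-sequence search instead: `if (HTML_PATTERN.matcher(validatable.getValue()).find()) {`. A null value at that line should not be reachable because Wicket skips plain IValidator instances for a null converted input, but that is inferred from the framework, not visible in this hunk. The new class and `setHTMLInputNotAllowed()` carry no Javadoc; a summary such as `/** Base panel for string inputs; {@link #setHTMLInputNotAllowed()} adds a validator that rejects markup-like values using the {@code htmlErrorMessage} resource key, with the field label as {@code ${label}}. */` would tell subclasses what calling it implies.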
diff --git
a/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/EncryptedFieldPanel_fr_CA.properties
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/EncryptedFieldPanel_fr_CA.properties
new file mode 100644
index 0000000000..193287d603
--- /dev/null
+++
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/EncryptedFieldPanel_fr_CA.properties
@@ -0,0 +1,17 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+confirmMessage=This will remove the current value. Continue?
diff --git
a/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.properties
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.properties
new file mode 100644
index 0000000000..812929d924
--- /dev/null
+++
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.properties
@@ -0,0 +1,17 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+htmlErrorMessage=HTML input not allowed for '${label}'
diff --git
a/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_fr_CA.properties
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_fr_CA.properties
new file mode 100644
index 0000000000..812929d924
--- /dev/null
+++
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_fr_CA.properties
@@ -0,0 +1,17 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+htmlErrorMessage=HTML input not allowed for '${label}'
diff --git
a/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_it.properties
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_it.properties
new file mode 100644
index 0000000000..722f908485
--- /dev/null
+++
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_it.properties
@@ -0,0 +1,17 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+htmlErrorMessage=Input HTML non consentito per '${label}'
diff --git
a/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_ja.properties
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_ja.properties
new file mode 100644
index 0000000000..812929d924
--- /dev/null
+++
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_ja.properties
@@ -0,0 +1,17 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+htmlErrorMessage=HTML input not allowed for '${label}'
diff --git
a/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_pt_BR.properties
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_pt_BR.properties
new file mode 100644
index 0000000000..812929d924
--- /dev/null
+++
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_pt_BR.properties
@@ -0,0 +1,17 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+htmlErrorMessage=HTML input not allowed for '${label}'
diff --git
a/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_ru.properties
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_ru.properties
new file mode 100644
index 0000000000..1ffe19264e
--- /dev/null
+++
b/client/idrepo/common-ui/src/main/resources/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel_ru.properties
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
field.DateTimeFieldPanel$DateTimeFormValidator=\u00d0\u009f\u00d0\u00be\u00d0\u00bb\u00d0\u00b5
'${label0}'
\u00d0\u00b4\u00d0\u00be\u00d0\u00bb\u00d0\u00b6\u00d0\u00bd\u00d0\u00be
\u00d0\u00b1\u00d1\u008b\u00d1\u0082\u00d1\u008c
\u00d0\u00b7\u00d0\u00b0\u00d0\u00bf\u00d0\u00be\u00d0\u00bb\u00d0\u00bd\u00d0\u00b5\u00d0\u00bd\u00d0\u00be
\u00d0\u00bf\u00d0\u00be\u00d0\u00bb\u00d0\u00bd\u00d0\u00be\u00d1\u0081\u00d1\u0082\u00d1\u008c\u00d1\u008e
+htmlErrorMessage=HTML input not allowed for '${label}'
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/AjaxSearchFieldPanel.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/AjaxSearchFieldPanel.java
index 96f0d33d45..e81ff761b4 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/AjaxSearchFieldPanel.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/wicket/markup/html/form/AjaxSearchFieldPanel.java
@@ -24,6 +24,7 @@ import org.apache.syncope.client.ui.commons.Constants;
import
org.apache.syncope.client.ui.commons.ajax.form.IndicatorAjaxFormComponentUpdatingBehavior;
import
org.apache.syncope.client.ui.commons.ajax.form.IndicatorAutoCompleteBehavior;
import org.apache.syncope.client.ui.commons.markup.html.form.FieldPanel;
+import org.apache.syncope.client.ui.commons.markup.html.form.TextFieldPanel;
import org.apache.wicket.ajax.AjaxRequestTarget;
import
org.apache.wicket.extensions.ajax.markup.html.autocomplete.AutoCompleteBehavior;
import
org.apache.wicket.extensions.ajax.markup.html.autocomplete.AutoCompleteSettings;
@@ -31,9 +32,8 @@ import
org.apache.wicket.extensions.ajax.markup.html.autocomplete.AutoCompleteTe
import
org.apache.wicket.extensions.ajax.markup.html.autocomplete.IAutoCompleteRenderer;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.ResourceModel;
-import org.apache.wicket.validation.IValidator;
-public class AjaxSearchFieldPanel extends FieldPanel<String> implements
Cloneable {
+public class AjaxSearchFieldPanel extends TextFieldPanel implements Cloneable {
private static final long serialVersionUID = 6890905510177974519L;
@@ -75,11 +75,12 @@ public class AjaxSearchFieldPanel extends
FieldPanel<String> implements Cloneabl
@Override
protected AutoCompleteBehavior<String> newAutoCompleteBehavior(
- final IAutoCompleteRenderer<String> renderer, final
AutoCompleteSettings settings) {
+ final IAutoCompleteRenderer<String> renderer,
+ final AutoCompleteSettings settings) {
return new IndicatorAutoCompleteBehavior<>(
- AjaxSearchFieldPanel.this.renderer != null ?
AjaxSearchFieldPanel.this.renderer : renderer,
- AjaxSearchFieldPanel.this.settings != null ?
AjaxSearchFieldPanel.this.settings : settings) {
+ AjaxSearchFieldPanel.this.renderer != null ?
AjaxSearchFieldPanel.this.renderer : renderer,
+ AjaxSearchFieldPanel.this.settings != null ?
AjaxSearchFieldPanel.this.settings : settings) {
private static final long serialVersionUID =
1070808433195962931L;
@@ -90,6 +91,7 @@ public class AjaxSearchFieldPanel extends FieldPanel<String>
implements Cloneabl
};
}
};
+ setHTMLInputNotAllowed();
add(field.setLabel(new ResourceModel(name,
name)).setOutputMarkupId(true));
if (!isReadOnly()) {
@@ -105,19 +107,10 @@ public class AjaxSearchFieldPanel extends
FieldPanel<String> implements Cloneabl
}
}
- @Override
- public FieldPanel<String> setRequired(final boolean required) {
- return super.setRequired(required);
- }
-
public List<String> getChoices() {
return choices;
}
- public void addValidator(final IValidator<String> validator) {
- this.field.add(validator);
- }
-
public void onUpdateBehavior() {
}