This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/3_0_X by this push:
     new 6abd4a08f4 Last resort against HTML-like input when not allowed
6abd4a08f4 is described below

commit 6abd4a08f41cf9a9c6c99aeea7862fd609982963
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Sat Aug 24 09:56:10 2024 +0200

    Last resort against HTML-like input when not allowed
---
 .../client/ui/commons/markup/html/form/TextFieldPanel.java        | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git 
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.java
 
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.java
index eb219b3d57..abbc3f17db 100644
--- 
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.java
+++ 
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.java
@@ -18,7 +18,7 @@
  */
 package org.apache.syncope.client.ui.commons.markup.html.form;
 
-import java.util.regex.Pattern;
+import java.util.Optional;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.validation.IValidatable;
 import org.apache.wicket.validation.IValidator;
@@ -28,8 +28,6 @@ public abstract class TextFieldPanel extends 
FieldPanel<String> {
 
     private static final long serialVersionUID = 1708195999215061362L;
 
-    private static final Pattern HTML_PATTERN = Pattern.compile(".*<.*");
-
     public TextFieldPanel(final String id, final String name, final 
IModel<String> model) {
         super(id, name, model);
     }
@@ -41,11 +39,11 @@ public abstract class TextFieldPanel extends 
FieldPanel<String> {
 
             @Override
             public void validate(final IValidatable<String> validatable) {
-                if (HTML_PATTERN.matcher(validatable.getValue()).matches()) {
+                Optional.ofNullable(validatable.getValue()).filter(v -> 
v.indexOf('<') != -1).ifPresent(v -> {
                     ValidationError error = new 
ValidationError().addKey("htmlErrorMessage");
                     error.setVariable("label", field.getLabel().getObject());
                     validatable.error(error);
-                }
+                });
             }
         });
 
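Review bot: The new check in `validate` has no comment saying why it is a plain `indexOf('<')` scan instead of the removed `.*<.*` pattern, and the reason matters for security: with `matches()` and no `DOTALL`, `.` does not match line terminators, so a value containing a line break was never flagged. I would add `// plain character scan on purpose: '.' in a regex skips line terminators unless DOTALL is set` above the `Optional` chain. A regression test with a multi-line value would also help, since the diffstat lists only this one file. The validator sits in the client UI module and rejects only the literal `<`, so it presumably works as a backstop; whether values are escaped where they are rendered, or validated again on the server side, is not visible in this hunk and should be confirmed. As a style point, `String value = validatable.getValue(); if (value != null && value.indexOf('<') != -1) { ... }` reads more directly than the `Optional.ofNullable(...).filter(...).ifPresent(...)` chain; the enclosing anonymous validator and the method that registers it start outside the hunk.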
