Alexander Wels has uploaded a new change for review. Change subject: userportal: allow links in MOTD ......................................................................
userportal: allow links in MOTD - Added the ability for admins to add links in the MOTD in the user portal. These links are checked for safety before being added into the MOTD. Change-Id: I6c78c9e6d6dc9417e22c71dab66ae4507ea5c191 Signed-off-by: Alexander Wels <[email protected]> --- M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/presenter/AbstractLoginPopupPresenterWidget.java M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/view/AbstractLoginPopupView.java M frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/login/view/LoginPopupView.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/login/view/LoginPopupView.java 4 files changed, 40 insertions(+), 11 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/06/24006/1 diff --git a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/presenter/AbstractLoginPopupPresenterWidget.java b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/presenter/AbstractLoginPopupPresenterWidget.java index c2a6d5b..b55db40 100644 --- a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/presenter/AbstractLoginPopupPresenterWidget.java +++ b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/presenter/AbstractLoginPopupPresenterWidget.java @@ -17,6 +17,10 @@ import com.google.gwt.event.dom.client.ClickEvent; import com.google.gwt.event.dom.client.ClickHandler; import com.google.gwt.event.shared.EventBus; +import com.google.gwt.safehtml.shared.SafeHtml; +import com.google.gwt.safehtml.shared.SafeHtmlBuilder; +import com.google.gwt.safehtml.shared.SafeHtmlUtils; +import com.google.gwt.safehtml.shared.UriUtils; /** * Base class for login popup presenter widgets. @@ -32,12 +36,13 @@ void resetAndFocus(); - void setErrorMessageHtml(String text); + void setErrorMessageHtml(SafeHtml text); void clearErrorMessage(); HasUiCommandClickHandlers getLoginButton(); + String getMotdAnchor(String url); } private static final Logger logger = Logger.getLogger(AbstractLoginPopupPresenterWidget.class.getName()); @@ -159,18 +164,27 @@ } private void formatAndSetErrorMessage(String message) { + SafeHtml safeMessage = null; if (message != null) { + SafeHtmlBuilder builder = new SafeHtmlBuilder(); int urlIndex = message.indexOf("http");//$NON-NLS-1$ if (urlIndex != -1) { //$NON-NLS-1$ String beforeURL = message.substring(0, urlIndex); - String url = message.substring(urlIndex); - StringBuilder htmlPart = new StringBuilder(); - htmlPart.append(beforeURL) - .append("<a href=\"").append(url).append("\" target=\"_blank\">").append(url).append("</a>"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ - message = htmlPart.toString(); + int endIndex = message.indexOf(" ", urlIndex) > -1 ? message.indexOf(" ", urlIndex) : message.length(); + //Sanitize the URL, returns # if it is not safe. + String url = UriUtils.sanitizeUri(message.substring(urlIndex, endIndex)); + String motdAnchor = getView().getMotdAnchor(url); + builder.appendEscaped(beforeURL).append(SafeHtmlUtils.fromTrustedString(motdAnchor)); + if (endIndex < message.length()) { + //There was a string after the URL append it as well. + builder.appendEscaped(message.substring(endIndex)); + } + } else { + builder.appendEscaped(message); } + safeMessage = builder.toSafeHtml(); } - getView().setErrorMessageHtml(message); + getView().setErrorMessageHtml(safeMessage); } @Override diff --git a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/view/AbstractLoginPopupView.java b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/view/AbstractLoginPopupView.java index 82b917b..cd5a72b 100644 --- a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/view/AbstractLoginPopupView.java +++ b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/view/AbstractLoginPopupView.java @@ -12,6 +12,7 @@ import com.google.gwt.event.dom.client.HasClickHandlers; import com.google.gwt.event.shared.EventBus; import com.google.gwt.i18n.client.LocaleInfo; +import com.google.gwt.safehtml.shared.SafeHtml; import com.google.gwt.uibinder.client.UiField; import com.google.gwt.user.client.Window; import com.google.gwt.user.client.ui.Label; @@ -111,8 +112,8 @@ asWidget().setKeyPressHandler(keyPressHandler); } - protected void setErrorMessageLabel(Label errorMessage, String text) { - errorMessage.getElement().setInnerHTML(text); + protected void setErrorMessageLabel(Label errorMessage, SafeHtml text) { + errorMessage.getElement().setInnerSafeHtml(text); } } diff --git a/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/login/view/LoginPopupView.java b/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/login/view/LoginPopupView.java index 89c21fc..e9d0579 100644 --- a/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/login/view/LoginPopupView.java +++ b/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/login/view/LoginPopupView.java @@ -28,8 +28,10 @@ import com.google.gwt.editor.client.SimpleBeanEditorDriver; import com.google.gwt.event.shared.EventBus; import com.google.gwt.resources.client.CssResource; +import com.google.gwt.safehtml.shared.SafeHtml; import com.google.gwt.uibinder.client.UiBinder; import com.google.gwt.uibinder.client.UiField; +import com.google.gwt.user.client.ui.Anchor; import com.google.gwt.user.client.ui.HTML; import com.google.gwt.user.client.ui.Label; import com.google.gwt.user.client.ui.Panel; @@ -245,7 +247,7 @@ } @Override - public void setErrorMessageHtml(String text) { + public void setErrorMessageHtml(SafeHtml text) { setErrorMessageLabel(errorMessage, text); errorMessage.setVisible(text != null); if (errorMessage.isVisible()) { @@ -266,6 +268,11 @@ return loginButton; } + @Override + public String getMotdAnchor(String url) { + return new Anchor(url, url, "_blank").getHTML(); //$NON-NLS-1$ + } + public interface Style extends CssResource { String motd(); diff --git a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/login/view/LoginPopupView.java b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/login/view/LoginPopupView.java index 24674d8..3920938 100644 --- a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/login/view/LoginPopupView.java +++ b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/login/view/LoginPopupView.java @@ -21,8 +21,10 @@ import com.google.gwt.core.client.GWT; import com.google.gwt.editor.client.SimpleBeanEditorDriver; import com.google.gwt.event.shared.EventBus; +import com.google.gwt.safehtml.shared.SafeHtml; import com.google.gwt.uibinder.client.UiBinder; import com.google.gwt.uibinder.client.UiField; +import com.google.gwt.user.client.ui.Anchor; import com.google.gwt.user.client.ui.Label; import com.google.gwt.user.client.ui.Panel; import com.google.inject.Inject; @@ -163,7 +165,7 @@ } @Override - public void setErrorMessageHtml(String text) { + public void setErrorMessageHtml(SafeHtml text) { setErrorMessageLabel(errorMessage, text); errorMessage.setVisible(text != null); if (errorMessage.isVisible()) { @@ -181,4 +183,9 @@ return loginButton; } + @Override + public String getMotdAnchor(String url) { + return new Anchor(url, url, "_blank").getHTML(); //$NON-NLS-1$ + } + } -- To view, visit http://gerrit.ovirt.org/24006 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I6c78c9e6d6dc9417e22c71dab66ae4507ea5c191 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alexander Wels <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
