Merge pull request #2054 from SiboVG/issue-2051

[#2051] Sanitize some XML content
Sibo Van Gool 2023-02-16 05:12:30 +01:00 committed by GitHub
commit f63acc25fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 4 deletions


@ -627,7 +627,7 @@ public class OpenRocketSaver extends RocketSaver {
private void writeElement(String element, Object content) throws IOException { private void writeElement(String element, Object content) throws IOException {
if (content == null) if (content == null)
content = ""; content = "";
writeln("<" + element + ">" + content + "</" + element + ">"); writeln("<" + element + ">" + TextUtil.escapeXML(content) + "</" + element + ">");
} }
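Review bot: Nothing on writeElement tells callers that content is escaped here, so a caller that already passes pre-escaped text would be escaped twice (`&amp;` turning into `&amp;amp;`) and the saved value would no longer match the model. The call sites are outside this hunk and should be checked for an existing `TextUtil.escapeXML(...)` around the argument. I would add a comment above the method such as `// content is XML-escaped here; callers must pass raw, unescaped text`. The `if (content == null) content = "";` guard is also redundant now, because the new `escapeXML(Object)` returns "" for null.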


@ -40,8 +40,9 @@ public class RocketComponentSaver {
ComponentPreset preset = c.getPresetComponent(); ComponentPreset preset = c.getPresetComponent();
if (preset != null) { if (preset != null) {
elements.add("<preset type=\"" + preset.getType() + elements.add("<preset type=\"" + preset.getType() +
"\" manufacturer=\"" + preset.getManufacturer().getSimpleName() + "\" manufacturer=\"" + TextUtil.escapeXML(preset.getManufacturer().getSimpleName()) +
"\" partno=\"" + preset.getPartNo() + "\" digest=\"" + preset.getDigest() + "\"/>"); "\" partno=\"" + TextUtil.escapeXML(preset.getPartNo()) + "\" digest=\"" +
preset.getDigest() + "\"/>");
} }
// Save outside appearance // Save outside appearance
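Review bot: The manufacturer and partno values land inside double-quoted attributes, so the escaping is only sufficient if `TextUtil.escapeXML` also encodes `"`. Its loop body is not visible in this commit view, so that should be confirmed, ideally with a save/load test using a part number that contains a quote and an ampersand. `preset.getType()` and `preset.getDigest()` are still concatenated raw; that is probably harmless if they are an enum name and a hex digest, but wrapping them as well (`TextUtil.escapeXML(preset.getDigest())`) keeps the attribute list uniformly safe if either ever carries file-derived text. The enclosing method starts and ends outside this hunk.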


@ -156,7 +156,11 @@ public class TextUtil {
* *
* The result is both valid XML and HTML 2.0. The majority of characters are left unchanged. * The result is both valid XML and HTML 2.0. The majority of characters are left unchanged.
*/ */
public static String escapeXML(String s) { public static String escapeXML(Object obj) {
if (obj == null) {
return "";
}
String s = obj.toString();
StringBuilder sb = new StringBuilder(s.length()); StringBuilder sb = new StringBuilder(s.length());
for (int i = 0; i < s.length(); i++) { for (int i = 0; i < s.length(); i++) {