XWIKI-20283: Improved escaping on Invitation.InvitationCommon
manuelleduc committed Dec 8, 2022
1 parent a77cbeb commit 3d055a0
Showing 3 changed files with 330 additions and 18 deletions.
@@ -44,5 +44,38 @@
<type>xar</type>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-rendering-xwiki</artifactId>
<version>${project.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-user-default</artifactId>
<version>${project.version}</version>
<scope>runtime</scope>
</dependency>
<!-- Test dependencies. -->
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-test-page</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-rendering-xwiki</artifactId>
<version>${project.version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-user-default</artifactId>
<version>${project.version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
</dependencies>
</project>
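Review bot: The two new runtime-scoped dependencies carry no comment saying why this module needs them, unlike the test block below them, which is labelled `<!-- Test dependencies. -->`. A line such as `<!-- Provides $services.rendering.escape, used by Invitation.InvitationCommon. -->` above `xwiki-platform-rendering-xwiki` would help, with a matching one for `xwiki-platform-user-default`, whose purpose is not visible on this page. The link to the escape call is inferred from the other file in this commit, so confirm it before adding the comment.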
@@ -20,7 +20,7 @@
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-->

<xwikidoc version="1.3" reference="Invitation.InvitationCommon" locale="">
<xwikidoc version="1.4" reference="Invitation.InvitationCommon" locale="">
<web>Invitation</web>
<name>InvitationCommon</name>
<language/>
@@ -34,7 +34,7 @@
<title/>
<comment/>
<minorEdit>false</minorEdit>
<syntaxId>xwiki/2.0</syntaxId>
<syntaxId>xwiki/2.1</syntaxId>
<hidden>true</hidden>
<content>{{velocity}}
#*
@@ -80,7 +80,7 @@

{{html wiki=false clean=false}}
&lt;div id="invitation-displaymessage" class="invitation"&gt;
&lt;strong&gt;$services.localization.render('xe.invitation.previewLabel')&lt;/strong&gt;
&lt;strong&gt;$escapetool.xml($services.localization.render('xe.invitation.previewLabel'))&lt;/strong&gt;
&lt;div class="invitation invitation-preview"&gt;
#set($recips = [])
#set($invalid = [])
@@ -99,7 +99,7 @@
#end
## Print the email addresses to be sent to.
## To:
&lt;strong&gt;$services.localization.render('xe.invitation.toLabel')&lt;/strong&gt;
&lt;strong&gt;$escapetool.xml($services.localization.render('xe.invitation.toLabel'))&lt;/strong&gt;
&lt;div id="preview-to-field" class="invitation-preview field"&gt;
#foreach($recip in $recips)
#if($invalid.contains($recip))
@@ -120,24 +120,24 @@
&lt;span class="errormessage"&gt;
#if($recips.size() == 1)
## The email address given is invalid and will not be sent to.
$services.localization.render('xe.invitation.displayMessage.theAddressIsInvalid')
$escapetool.xml($services.localization.render('xe.invitation.displayMessage.theAddressIsInvalid'))
#else
#if($invalid.size() &gt; 1)
$services.localization.render('xe.invitation.displayMessage.someAddressesAreInvalid', [$invalidAddresses.size()])
$escapetool.xml($services.localization.render('xe.invitation.displayMessage.someAddressesAreInvalid', [$invalidAddresses.size()]))
#else
$services.localization.render('xe.invitation.displayMessage.anAddressesIsInvalid')
$escapetool.xml($services.localization.render('xe.invitation.displayMessage.anAddressesIsInvalid'))
#end
#end
&lt;/span&gt;
&lt;/p&gt;
#end
## Subject:
&lt;strong&gt;$services.localization.render('xe.invitation.subjectLabel')&lt;/strong&gt;
&lt;strong&gt;$escapetool.xml($services.localization.render('xe.invitation.subjectLabel'))&lt;/strong&gt;
&lt;div id="preview-subjectline-field" class="invitation-preview field"&gt;
$escapetool.xml($mail.getProperty('subjectLine').getValue())
&lt;/div&gt;
## Message:
&lt;strong&gt;$services.localization.render('xe.invitation.contentLabel')&lt;/strong&gt;
&lt;strong&gt;$escapetool.xml($services.localization.render('xe.invitation.contentLabel'))&lt;/strong&gt;
&lt;div id="preview-messagebody-field" class="invitation-preview field"&gt;
$mail.getProperty('messageBody').getValue()
&lt;/div&gt;
@@ -232,7 +232,8 @@
#end
#set($configClass = $xwiki.getDocumentAsAuthor("${doc.getSpace()}.WebHome"))
#if($configClass.isNew())
{{error}}Class document [[${doc.getSpace()}.WebHome]] not found. can't run test.{{/error}}
#set ($classDocumentLink = $services.rendering.escape("${doc.getSpace()}.WebHome", 'xwiki/2.1'))
{{error}}Class document [[$classDocumentLink]] not found. can't run test.{{/error}}
#else
#set($config = {})
#loadInvitationConfig($config, 'HopefullyNonexistantSpace')
@@ -496,10 +497,10 @@
<number>5</number>
<picker>1</picker>
<prettyName>Email message XClass</prettyName>
<size>30</size>
<relationalStorage>0</relationalStorage>
<separator> </separator>
<separators/>
<size>30</size>
<sort>none</sort>
<sql/>
<unmodifiable>0</unmodifiable>
@@ -521,10 +522,10 @@
<number>9</number>
<picker>1</picker>
<prettyName>Document containing email XObjects</prettyName>
<size>30</size>
<relationalStorage>0</relationalStorage>
<separator> </separator>
<separators/>
<size>30</size>
<sort>none</sort>
<sql/>
<unmodifiable>0</unmodifiable>
@@ -843,11 +844,14 @@ $services.localization.render('xe.invitation.emailContent.reportMessage', ["&lt;
<validationScript/>
<cache>
<cache>0</cache>
<defaultValue>long</defaultValue>
<disabled>0</disabled>
<displayType>select</displayType>
<freeText>forbidden</freeText>
<largeStorage>0</largeStorage>
<multiSelect>0</multiSelect>
<name>cache</name>
<number>6</number>
<number>5</number>
<prettyName>Caching policy</prettyName>
<relationalStorage>0</relationalStorage>
<separator> </separator>
@@ -858,9 +862,11 @@ $services.localization.render('xe.invitation.emailContent.reportMessage', ["&lt;
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</cache>
<code>
<contenttype>PureText</contenttype>
<disabled>0</disabled>
<editor>PureText</editor>
<name>code</name>
<number>3</number>
<number>2</number>
<prettyName>Code</prettyName>
<rows>20</rows>
<size>50</size>
@@ -871,9 +877,11 @@ $services.localization.render('xe.invitation.emailContent.reportMessage', ["&lt;
<cache>0</cache>
<disabled>0</disabled>
<displayType>select</displayType>
<freeText>forbidden</freeText>
<largeStorage>0</largeStorage>
<multiSelect>0</multiSelect>
<name>contentType</name>
<number>1</number>
<number>6</number>
<prettyName>Content Type</prettyName>
<relationalStorage>0</relationalStorage>
<separator> </separator>
@@ -886,7 +894,7 @@ $services.localization.render('xe.invitation.emailContent.reportMessage', ["&lt;
<name>
<disabled>0</disabled>
<name>name</name>
<number>2</number>
<number>1</number>
<prettyName>Name</prettyName>
<size>30</size>
<unmodifiable>0</unmodifiable>
@@ -897,7 +905,7 @@ $services.localization.render('xe.invitation.emailContent.reportMessage', ["&lt;
<displayFormType>select</displayFormType>
<displayType>yesno</displayType>
<name>parse</name>
<number>5</number>
<number>4</number>
<prettyName>Parse content</prettyName>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.BooleanClass</classType>
@@ -906,9 +914,11 @@ $services.localization.render('xe.invitation.emailContent.reportMessage', ["&lt;
<cache>0</cache>
<disabled>0</disabled>
<displayType>select</displayType>
<freeText>forbidden</freeText>
<largeStorage>0</largeStorage>
<multiSelect>0</multiSelect>
<name>use</name>
<number>4</number>
<number>3</number>
<prettyName>Use this extension</prettyName>
<relationalStorage>0</relationalStorage>
<separator> </separator>
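Review bot: The message body in the preview is still written raw: `$mail.getProperty('messageBody').getValue()` in the `preview-messagebody-field` div (hunk -120,24) appears to sit inside `{{html wiki=false clean=false}}`, so any markup in it reaches the page uncleaned while the subject line and the labels beside it are now escaped. If the body is meant to be plain text, wrap it as `$escapetool.xml($mail.getProperty('messageBody').getValue())`; if it is meant to be HTML, it needs sanitising before output and a `##` comment saying where that happens, since nothing in this section shows it. In the same hunk the plural message is passed `$invalidAddresses.size()` although the list built above is `$invalid`, which looks like an undefined reference and would be worth changing to `$invalid.size()`. The macro containing these lines starts and ends outside the shown hunks.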