textarea improvement

inthepocket · Jan 22, 2022 · 494dfba · 494dfba
1 parent c8954cb
commit 494dfba
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 1 deletion.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,12 @@
+# Security Policy
+
+
+
+## Reporting a Vulnerability
+
+If you find any security concern, please send a mail to [email protected]
+with title **Security concern**.
+
+We will then study the concern and will answer back by email.
+
+Thanks!
diff --git a/src/main/java/net/sourceforge/plantuml/servlet/PlantUmlServlet.java b/src/main/java/net/sourceforge/plantuml/servlet/PlantUmlServlet.java
@@ -77,6 +77,44 @@ public class PlantUmlServlet extends HttpServlet {
             OptionFlags.ALLOW_INCLUDE = true;
         }
     }
+
+        public static String stringToHTMLString(String string) {
+            final StringBuffer sb = new StringBuffer(string.length());
+            // true if last char was blank
+            final int length = string.length();
+            for (int offset = 0; offset < length; ) {
+                final int c = string.codePointAt(offset);
+                if (c == ' ')
+                    sb.append(' ');
+                else if (c == '"')
+                    sb.append("&quot;");
+                else if (c == '&')
+                    sb.append("&amp;");
+                else if (c == '<')
+                    sb.append("&lt;");
+                else if (c == '>')
+                    sb.append("&gt;");
+                else if (c == '\r')
+                    sb.append("\r");
+                else if (c == '\n')
+                    sb.append("\n");
+                else {
+                    int ci = 0xffffff & c;
+                    if (ci < 160)
+                        // nothing special only 7 Bit
+                        sb.append((char)c);
+                    else {
+                        // Not 7 Bit use the unicode system
+                        sb.append("&#");
+                        sb.append(ci);
+                        sb.append(';');
+                    }
+                }
+                offset += Character.charCount(c);
+            }
+        return sb.toString();
+    }
+
 
     @Override
     public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {

diff --git a/src/main/webapp/index.jsp b/src/main/webapp/index.jsp
@@ -57,7 +57,7 @@
         <%-- CONTENT --%>
         <form method="post" accept-charset="utf-8"  action="<%= hostpath %>/form">
             <p>
-                <textarea id="text" name="text" cols="120" rows="10"><%= decoded %></textarea>
+                <textarea id="text" name="text" cols="120" rows="10"><%= net.sourceforge.plantuml.servlet.PlantUmlServlet.stringToHTMLString(decoded) %></textarea>
                 <input type="submit" />
             </p>
         </form>