
[WIP] Remove javascript components #52

Open
wants to merge 16 commits into
base: develop
Remove input element restrictions
pvorb committed Jul 2, 2018

commit b5206dcbb5ceaf714ad1ac59992fbc07a7d8991d
@@ -42,8 +42,6 @@ public class CommentSanitizer {

private static final PolicyFactory NO_HTML_POLICY = new HtmlPolicyBuilder().toFactory();

private final InputSanitizer inputSanitizer;

public void sanitizeComment(Comment comment) {

if (comment.getAuthor() != null) {
@@ -62,10 +60,6 @@ public void sanitizeComment(Comment comment) {
.orElse(null)
);
}

final String requestText = comment.getTextSource();
final String sanitizedText = inputSanitizer.sanitize(requestText);
comment.setTextHtml(sanitizedText);
}

private Optional<URI> validateUrl(String urlAsString) {
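Review bot: With the last three statements of `sanitizeComment` removed, nothing in this method writes `textHtml` any more, and the output of `inputSanitizer.sanitize(...)` has no visible replacement. If any view or API still emits `textHtml` or `textSource` without HTML-escaping, comment bodies become a stored-XSS sink; this page does not show where the text is now encoded, so that should be confirmed before merge. I would state the new contract on the method, e.g. `// textSource is stored verbatim; every output path must HTML-escape it`, and add a test that a comment containing markup is rendered inert. `sanitizeComment` starts before this hunk and `validateUrl` continues past it.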

This file was deleted.

This file was deleted.

24 changes: 0 additions & 24 deletions src/main/java/de/vorb/platon/web/api/common/InputSanitizer.java

This file was deleted.

@@ -24,15 +24,13 @@
import de.vorb.platon.security.SignatureCreator;
import de.vorb.platon.web.api.common.CommentFilters;
import de.vorb.platon.web.api.common.CommentSanitizer;
import de.vorb.platon.web.api.common.CommentUriResolver;
import de.vorb.platon.web.api.common.RequestValidator;
import de.vorb.platon.web.mvc.errors.RequestException;

import com.google.common.collect.ImmutableMap;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestParam;
@@ -38,6 +38,18 @@
@RequiredArgsConstructor
public class ReplyFormController {

private static final byte[] EMPTY_STRING_HASH = new byte[20];

static {
try {
final MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
final byte[] hash = sha1.digest("".getBytes(StandardCharsets.UTF_8));
System.arraycopy(hash, 0, EMPTY_STRING_HASH, 0, hash.length);
} catch (NoSuchAlgorithmException e) {
log.warn("SHA-1 not supported");
}
}

private static final String VIEW_NAME = "comment-form";

private static final Pattern HTML_TAG_PATTERN = Pattern.compile("<[^>]+>");
@@ -97,7 +109,7 @@ private Comment createComment(HttpServletRequest request, long threadId, Long pa
}
}
if (authorHash == null) {
authorHash = new byte[0];
authorHash = EMPTY_STRING_HASH;
}

final LocalDateTime now = LocalDateTime.now(clock);
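Review bot: The static initializer swallows `NoSuchAlgorithmException` with only a `log.warn`, which leaves `EMPTY_STRING_HASH` as twenty zero bytes and silently changes what the `authorHash == null` fallback in `createComment` stores; failing fast is safer, e.g. `throw new IllegalStateException("SHA-1 not supported", e);`. The fallback also hands out the shared mutable array itself, so any later in-place write to a comment's author hash would corrupt the constant for every subsequent comment; `authorHash = EMPTY_STRING_HASH.clone();` avoids that. A short comment on the constant saying it holds the SHA-1 of the empty string and is used when no author hash could be computed would explain why `new byte[0]` was replaced, since the reason is not visible in the hunk. `createComment` begins and ends outside the second hunk.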
2 changes: 0 additions & 2 deletions src/test/java/de/vorb/platon/HtmlInputSanitizerTest.java
@@ -16,8 +16,6 @@

package de.vorb.platon;

import de.vorb.platon.web.api.common.HtmlInputSanitizer;

import org.junit.Before;
import org.junit.Test;

@@ -23,7 +23,6 @@
import de.vorb.platon.web.api.common.CommentConverter;
import de.vorb.platon.web.api.common.CommentFilters;
import de.vorb.platon.web.api.common.CommentSanitizer;
import de.vorb.platon.web.api.common.CommentUriResolver;
import de.vorb.platon.web.api.common.RequestValidator;
import de.vorb.platon.web.api.json.CommentJson;
import de.vorb.platon.web.mvc.comments.CommentController;