This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git
The following commit(s) were added to refs/heads/master by this push: new a0c5e60 use HTML encoding on JSON return strings, with the Moshi implementation also a0c5e60 is described below commit a0c5e6040ef9e87d050da6237852e034548d5cb4 Author: Robert Lazarski <robertlazar...@gmail.com> AuthorDate: Sun Jul 18 18:30:43 2021 -0400 use HTML encoding on JSON return strings, with the Moshi implementation also --- .../org/apache/axis2/json/moshi/JsonFormatter.java | 2 +- .../axis2/json/moshi/JsonHtmlXssSerializer.java | 48 ++++++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/modules/json/src/org/apache/axis2/json/moshi/JsonFormatter.java b/modules/json/src/org/apache/axis2/json/moshi/JsonFormatter.java index 5785849..941451e 100644 --- a/modules/json/src/org/apache/axis2/json/moshi/JsonFormatter.java +++ b/modules/json/src/org/apache/axis2/json/moshi/JsonFormatter.java @@ -60,7 +60,7 @@ public class JsonFormatter implements MessageFormatter { String msg; try { - Moshi moshi = new Moshi.Builder().add(Date.class, new Rfc3339DateJsonAdapter()).build(); + Moshi moshi = new Moshi.Builder().add(String.class, new JsonHtmlXssSerializer()).add(Date.class, new Rfc3339DateJsonAdapter()).build(); JsonAdapter<Object> adapter = moshi.adapter(Object.class); BufferedSink sink = Okio.buffer(Okio.sink(outputStream)); jsonWriter = JsonWriter.of(sink); diff --git a/modules/json/src/org/apache/axis2/json/moshi/JsonHtmlXssSerializer.java b/modules/json/src/org/apache/axis2/json/moshi/JsonHtmlXssSerializer.java new file mode 100644 index 0000000..241a96e --- /dev/null +++ b/modules/json/src/org/apache/axis2/json/moshi/JsonHtmlXssSerializer.java 
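Review bot: The `.add(String.class, new JsonHtmlXssSerializer())` call on the added `Moshi.Builder()` line registers HTML encoding unconditionally for every string the formatter writes, so non-browser consumers will now receive entities such as `&lt;` and `&amp;` instead of the data the service returned. Escaping for HTML is normally the job of whatever renders the value into a page; for the JSON response itself the usual mitigations are a correct `application/json` content type and `X-Content-Type-Options: nosniff`. If the encoding stays, consider putting it behind a service or module configuration switch (none is visible in this hunk) and documenting the change for existing clients. It is also worth a test to confirm whether map keys and property names pass through the same adapter, since I cannot tell that from the lines shown. The enclosing method continues outside the hunk.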
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.axis2.json.moshi;
+
+import com.squareup.moshi.JsonAdapter;
+import com.squareup.moshi.JsonReader;
+import com.squareup.moshi.JsonWriter;
+import java.io.IOException;
+
+import org.owasp.encoder.Encode;
+
+public final class JsonHtmlXssSerializer extends JsonAdapter<String> {
+
+ @Override
+ public synchronized String fromJson(JsonReader reader) throws IOException {
+ if (reader.peek() == JsonReader.Token.NULL) {
+ return reader.nextNull();
+ }
+ String string = reader.nextString();
+ return string;
+ }
+
+ @Override
+ public synchronized void toJson(JsonWriter writer, String value) throws IOException {
+ if (value == null) {
+ writer.nullValue();
+ } else {
+ writer.value(Encode.forHtmlContent(value));
+ }
+ }
+}
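Review bot: `toJson` in the new `JsonHtmlXssSerializer` relies on `Encode.forHtmlContent(value)`, which as far as I know targets HTML element content only and leaves quote characters alone, so a client that places the value in an attribute or script context would still be exposed; please confirm against the OWASP Encoder documentation and state the assumed output context in a class comment. Input that is already escaped will presumably be encoded a second time (`&amp;` becoming `&amp;amp;`), and `fromJson` returns the string exactly as read, so a round trip through this adapter is not an identity. The class declares no fields, so `synchronized` on `fromJson` and `toJson` only adds locking overhead and can be dropped, e.g. `public String fromJson(JsonReader reader) throws IOException {`. A class-level Javadoc such as `/** Moshi adapter that HTML-encodes string values on write; values read are returned unchanged. */` would make that asymmetry explicit.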