Community
Participate
Working Groups
Link widget should only allow <a> tags and should escape everything else.
*** Bug 200392 has been marked as a duplicate of this bug. ***
If I had time, I am interested to work on this bug for the next eclipse bug day (31 august). Is it ok ?
(In reply to comment #2) > If I had time, I am interested to work on this bug for the next eclipse bug day > (31 august). Is it ok ? > *have
Sure. You're welcome to contribute patches :-) If you have any problems, don't hesitate to ask here or on the newsgroup.
Created attachment 77526 [details] escape html tags other than <a>, </a> and <a * It is not clearly perfect, i need to still work on it. however could someone review to see if I am on the goodway ?
Thanks a lot for the path, but I am sorry to say that you are on the wrong path. Directly manipulating the value passed to setText() violates the condition that getText() must return this value as is. Link_Test#textText and #testAdapter ensure this behaviour and would fail with youpath applied. The escaping should rather be done in LinkLCA as this is the mediator between server and client. Have a look at LinkLCA#writeNormalText and #writeLinkText.It shluld suffice to just escape the text that is passed in these methods. If you are lucky you can even use WidgetLCAUtil#escapeText(String,boolean). I will attach a s test case.
Created attachment 77755 [details] Unit test that should be passed when escaping text
Thanks for the infos, tips, and the JUnit test. I will have a look on this tomorrow and provide a new patch.
Created attachment 78497 [details] escape html tags This patch escapes html tags with WidgetLCAUtil#escapeText(String,boolean). It fails the test case, because the test case checks if the text between not allowed markups (like "script") is removed. I think it's not necessary and that escape html should suffice.
Sorry for the delay, there was just too much workload in the last time. Your second patch is ok but I changed the mnemonics parameter to true, because the SWT Link widget indeed respects mnemonics. Tests are all green. Thank you for participating, I hope you continue and have fun.