parent
643b0060e5
commit
d5c277259b
3 changed files with 12 additions and 13 deletions
|
@ -48,6 +48,7 @@ import android.widget.ProgressBar;
|
|||
import com.nostra13.universalimageloader.cache.disc.DiskCache;
|
||||
import com.nostra13.universalimageloader.core.ImageLoader;
|
||||
|
||||
import org.apache.commons.lang3.StringEscapeUtils;
|
||||
import org.jsoup.Jsoup;
|
||||
import org.jsoup.nodes.Document;
|
||||
import org.jsoup.select.Elements;
|
||||
|
@ -417,7 +418,7 @@ public class NewsDetailFragment extends Fragment {
|
|||
R.attr.rssItemListBackground);
|
||||
int feedColor = colors[0];
|
||||
if(feed != null) {
|
||||
feedTitle = feed.getFeedTitle();
|
||||
feedTitle = StringEscapeUtils.escapeHtml4(feed.getFeedTitle());
|
||||
favIconUrl = feed.getFaviconUrl();
|
||||
if(feed.getAvgColour() != null)
|
||||
feedColor = Integer.parseInt(feed.getAvgColour());
|
||||
|
@ -461,12 +462,12 @@ public class NewsDetailFragment extends Fragment {
|
|||
if(showHeader) {
|
||||
builder.append("<div id=\"top_section\">");
|
||||
builder.append("<div id=\"header\">");
|
||||
String title = rssItem.getTitle();
|
||||
String linkToFeed = rssItem.getLink();
|
||||
String title = StringEscapeUtils.escapeHtml4(rssItem.getTitle());
|
||||
String linkToFeed = StringEscapeUtils.escapeHtml4(rssItem.getLink());
|
||||
builder.append(String.format("<a href=\"%s\">%s</a>", linkToFeed, title));
|
||||
builder.append("</div>");
|
||||
|
||||
String authorOfArticle = rssItem.getAuthor();
|
||||
String authorOfArticle = StringEscapeUtils.escapeHtml4(rssItem.getAuthor());
|
||||
if (authorOfArticle != null)
|
||||
if (!authorOfArticle.trim().equals(""))
|
||||
feedTitle += " - " + authorOfArticle.trim();
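Review bot: Escaping `rssItem.getLink()` with `escapeHtml4` before it goes into `<a href=\"%s\">` prevents breaking out of the attribute, but it does not restrict the URL scheme, so a feed-supplied non-web link (for example a `javascript:` URL) still becomes a clickable anchor in the rendered page. Consider accepting only `http`/`https` links before building the anchor and falling back to an empty or inert `href` otherwise, for instance by checking `Uri.parse(link).getScheme()`. In the hunk above, `favIconUrl = feed.getFaviconUrl()` is still taken unescaped; if it is later written into the HTML (outside the visible lines) it needs the same output-side escaping. The enclosing methods start and end outside these hunks, so how the WebView is configured cannot be confirmed from here.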
|
||||
|
|
|
@ -21,7 +21,6 @@
|
|||
|
||||
package de.luhmer.owncloudnewsreader.reader.owncloud;
|
||||
|
||||
import org.apache.commons.lang3.StringEscapeUtils;
|
||||
import org.json.JSONObject;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
@ -52,8 +51,8 @@ public class InsertFeedIntoDatabase implements IHandleJsonObject{
|
|||
feed.setFaviconUrl(faviconLink);
|
||||
|
||||
//Possible XSS fields
|
||||
feed.setFeedTitle(StringEscapeUtils.escapeHtml4(e.optString("title")));
|
||||
feed.setLink(StringEscapeUtils.escapeHtml4(e.optString("url")));
|
||||
feed.setFeedTitle(e.optString("title"));
|
||||
feed.setLink(e.optString("url"));
|
||||
//feed.setLink(e.optString("link"));
|
||||
|
||||
return feed;
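Review bot: Rows written by earlier versions already hold HTML-escaped titles and URLs, and this commit adds escaping at display time in NewsDetailFragment, so existing entries would presumably be escaped twice and show literal entities such as `&amp;amp;` until they are re-synced; no migration or re-fetch is visible in this commit. The same applies to the item fields changed in InsertItemIntoDatabase. The `//Possible XSS fields` comment now sits above setters that store raw server values, so it should state the new contract, e.g. `// Untrusted feed data, stored raw: escape at every HTML output site`. The handler method continues outside the hunk.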
|
||||
|
|
|
@ -21,7 +21,6 @@
|
|||
|
||||
package de.luhmer.owncloudnewsreader.reader.owncloud;
|
||||
|
||||
import org.apache.commons.lang3.StringEscapeUtils;
|
||||
import org.json.JSONException;
|
||||
import org.json.JSONObject;
|
||||
|
||||
|
@ -81,11 +80,11 @@ public class InsertItemIntoDatabase implements IHandleJsonObject {
|
|||
rssItem.setPubDate(pubDate);
|
||||
|
||||
//Possible XSS fields
|
||||
rssItem.setTitle(StringEscapeUtils.escapeHtml4(e.optString("title")));
|
||||
rssItem.setAuthor(StringEscapeUtils.escapeHtml4(e.optString("author")));
|
||||
rssItem.setLink(StringEscapeUtils.escapeHtml4(url));
|
||||
rssItem.setEnclosureLink(StringEscapeUtils.escapeHtml4(enclosureLink));
|
||||
rssItem.setEnclosureMime(StringEscapeUtils.escapeHtml4(enclosureMime));
|
||||
rssItem.setTitle(e.optString("title"));
|
||||
rssItem.setAuthor(e.optString("author"));
|
||||
rssItem.setLink(url);
|
||||
rssItem.setEnclosureLink(enclosureLink);
|
||||
rssItem.setEnclosureMime(enclosureMime);
|
||||
|
||||
return rssItem;
|
||||
/*
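Review bot: `enclosureLink` and `enclosureMime` lose their escaping here, but the render-side changes visible in this commit only escape the item title, link, author and the feed title. Any code path that writes the enclosure URL or MIME type into HTML (none is visible on this page) would now emit feed-controlled text unescaped, so those output sites should call `StringEscapeUtils.escapeHtml4(...)` or be confirmed as non-HTML sinks. It would also help to replace `//Possible XSS fields` with a comment naming these five fields as untrusted and stored raw. The method body starts before the hunk.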
|
||||
|
|