diff --git a/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/NewsDetailFragment.java b/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/NewsDetailFragment.java
index 1ba15865..bc7cfe65 100644
--- a/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/NewsDetailFragment.java
+++ b/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/NewsDetailFragment.java
@@ -48,6 +48,7 @@ import android.widget.ProgressBar;
 import com.nostra13.universalimageloader.cache.disc.DiskCache;
 import com.nostra13.universalimageloader.core.ImageLoader;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.jsoup.Jsoup;
 import org.jsoup.nodes.Document;
 import org.jsoup.select.Elements;
@@ -417,7 +418,7 @@ public class NewsDetailFragment extends Fragment {
 R.attr.rssItemListBackground);
 int feedColor = colors[0];
 if(feed != null) {
- feedTitle = feed.getFeedTitle();
+ feedTitle = StringEscapeUtils.escapeHtml4(feed.getFeedTitle());
 favIconUrl = feed.getFaviconUrl();
 if(feed.getAvgColour() != null)
 feedColor = Integer.parseInt(feed.getAvgColour());
@@ -461,12 +462,12 @@ public class NewsDetailFragment extends Fragment {
 if(showHeader) {
 builder.append("
");
 builder.append("
");
- String title = rssItem.getTitle();
- String linkToFeed = rssItem.getLink();
+ String title = StringEscapeUtils.escapeHtml4(rssItem.getTitle());
+ String linkToFeed = StringEscapeUtils.escapeHtml4(rssItem.getLink());
 builder.append(String.format("%s", linkToFeed, title));
 builder.append("
");
- String authorOfArticle = rssItem.getAuthor();
+ String authorOfArticle = StringEscapeUtils.escapeHtml4(rssItem.getAuthor());
 if (authorOfArticle != null)
 if (!authorOfArticle.trim().equals(""))
 feedTitle += " - " + authorOfArticle.trim();
diff --git a/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/reader/owncloud/InsertFeedIntoDatabase.java b/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/reader/owncloud/InsertFeedIntoDatabase.java
index a6749b72..f6ab786c 100644
--- a/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/reader/owncloud/InsertFeedIntoDatabase.java
+++ b/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/reader/owncloud/InsertFeedIntoDatabase.java
@@ -21,7 +21,6 @@
 package de.luhmer.owncloudnewsreader.reader.owncloud;
-import org.apache.commons.lang3.StringEscapeUtils;
 import org.json.JSONObject;
 import java.util.ArrayList;
@@ -52,8 +51,8 @@ public class InsertFeedIntoDatabase implements IHandleJsonObject{
 feed.setFaviconUrl(faviconLink);
 //Possible XSS fields
- feed.setFeedTitle(StringEscapeUtils.escapeHtml4(e.optString("title")));
- feed.setLink(StringEscapeUtils.escapeHtml4(e.optString("url")));
+ feed.setFeedTitle(e.optString("title"));
+ feed.setLink(e.optString("url"));
 //feed.setLink(e.optString("link"));
 return feed;
diff --git a/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/reader/owncloud/InsertItemIntoDatabase.java b/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/reader/owncloud/InsertItemIntoDatabase.java
index 269b3c37..732990ea 100644
--- a/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/reader/owncloud/InsertItemIntoDatabase.java
+++ b/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/reader/owncloud/InsertItemIntoDatabase.java
@@ -21,7 +21,6 @@
 package de.luhmer.owncloudnewsreader.reader.owncloud;
-import org.apache.commons.lang3.StringEscapeUtils;
 import org.json.JSONException;
 import org.json.JSONObject;
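Review bot: In the `@@ -461,12 +462,12 @@` hunk of NewsDetailFragment.java, `linkToFeed` is only HTML-escaped before it is passed to `String.format(...)`, and entity escaping does not constrain the URL scheme. The format string is not fully visible in this view, but if its first `%s` is an `href` value, a feed-supplied link with a script-capable scheme passes through `escapeHtml4` unchanged and stays clickable in the rendered article. I would allow-list the scheme before appending, e.g. `if (linkToFeed == null || !linkToFeed.matches("(?i)^https?://.*")) linkToFeed = "";`. `favIconUrl = feed.getFaviconUrl();` in the `@@ -417,7 +418,7 @@` hunk is still taken raw and needs the same treatment if it is interpolated into the page markup; the enclosing method starts and ends outside both hunks.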
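Review bot: The `//Possible XSS fields` comment in the `@@ -52,8 +51,8 @@` hunk of InsertFeedIntoDatabase.java now sits above setters that store the feed's values unmodified, so it reads as if the fields were still sanitised at this point. I would reword it to state the new contract, e.g. `// Untrusted feed data, stored raw: every HTML sink must escape it at render time`. The same comment is left unchanged in the `@@ -81,11 +80,11 @@` hunk of InsertItemIntoDatabase.java. Rows written before this commit hold already-escaped text, so unless a migration or forced re-sync exists outside this diff, the new `escapeHtml4` calls in NewsDetailFragment will double-escape them (an ampersand would render as `&amp;`).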
@@ -81,11 +80,11 @@ public class InsertItemIntoDatabase implements IHandleJsonObject {
 rssItem.setPubDate(pubDate);
 //Possible XSS fields
- rssItem.setTitle(StringEscapeUtils.escapeHtml4(e.optString("title")));
- rssItem.setAuthor(StringEscapeUtils.escapeHtml4(e.optString("author")));
- rssItem.setLink(StringEscapeUtils.escapeHtml4(url));
- rssItem.setEnclosureLink(StringEscapeUtils.escapeHtml4(enclosureLink));
- rssItem.setEnclosureMime(StringEscapeUtils.escapeHtml4(enclosureMime));
+ rssItem.setTitle(e.optString("title"));
+ rssItem.setAuthor(e.optString("author"));
+ rssItem.setLink(url);
+ rssItem.setEnclosureLink(enclosureLink);
+ rssItem.setEnclosureMime(enclosureMime);
 return rssItem;
 /*
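Review bot: `setEnclosureLink(enclosureLink)` and `setEnclosureMime(enclosureMime)` lose their escaping in this hunk, but no render-side `escapeHtml4` for the enclosure fields is added anywhere in this diff; the NewsDetailFragment hunks cover only the item title, link, author and the feed title. If either value is written into generated HTML or handed to a WebView (not visible here), it is now unescaped server-controlled text. Every reader of `getEnclosureLink()`/`getEnclosureMime()`, and any other consumer of `getTitle()`/`getAuthor()` outside NewsDetailFragment, should be checked and escaped at the sink. A comment on these setters such as `// raw feed data: escape before writing into HTML, validate scheme before using as a URL` would make the contract explicit.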