Fix #9 by escaping HTML special characters
1 parent 65b920e commit 6d7160d6c77df69224bcb3963918fa24e4a1647a
@Kimberlee I. Model Kimberlee I. Model authored on 2 May 2022
Showing 2 changed files
14
src/main/java/kim/redbow/web/blog/Util.java
public static String dateTime(Timestamp tstmp)
{
return (new SimpleDateFormat(DATE_TIME_FMT)).format(tstmp);
}
 
/**
* Escape special HTML characters.
*
* @param str input string
*/
public static String escapeHTML(String str)
{
return str.replaceAll("&", "&")
.replaceAll("\"", """)
.replaceAll("\'", "'")
.replaceAll("<", "&lt;")
.replaceAll(">", "&gt;");
}
}
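Review bot: The escape chain in escapeHTML uses `replaceAll`, which compiles each pattern as a regex on every call and treats `$` and `\` specially in the replacement; none of the five literals here contain metacharacters, so the output is unchanged, but the literal `replace(CharSequence, CharSequence)` states the intent and avoids the per-call compilation. The Javadoc has no `@return` and does not say which output context the result is safe for; add `@return the input with &, ", ', < and > replaced by entities, safe to interpolate into HTML text and into double- or single-quoted attribute values, but not into JavaScript, CSS or URL contexts`. A null argument throws NullPointerException; the one visible call site in editpost.jsp guards with `post.title != null`, but a template helper is usually expected to tolerate null, so a guard returning the empty string is worth considering unless callers rely on the exception. The rendered page shows the first three replacement strings as bare `&`, `"` and `'`, presumably the entities `&amp;`, `&quot;` and `&#39;` decoded by the viewer; if the source really holds the bare characters those replacements are no-ops and the `"""` literal would not compile, so confirm against the raw file.
```java
public static String escapeHTML(String str)
{
    if (str == null) {
        return "";
    }
    // '&' must be replaced first so the entities added below are not re-escaped.
    return str.replace("&", "&amp;")
              .replace("\"", "&quot;")
              .replace("'", "&#39;")
              .replace("<", "&lt;")
              .replace(">", "&gt;");
}
```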
2
src/main/webapp/manage/editpost.jsp
<th><label for="title">Title:</label></th>
<td>
<input type="text" name="title" id="title"
value="<%= edit && post.title != null ?
post.title : "" %>" />
Util.escapeHTML(post.title) : "" %>" />
</td>
</tr>
<tr>
<th><label for="urlfragment">URL Fragment:</label></th>