Revize a72aa02c
Přidáno uživatelem stepanekp před asi 3 roky(ů)
| src/main/java/cz/zcu/fav/kiv/antipatterndetectionapp/controller/AppController.java | ||
|---|---|---|
| 9 | 9 |
import cz.zcu.fav.kiv.antipatterndetectionapp.service.ConfigurationService; |
| 10 | 10 |
import cz.zcu.fav.kiv.antipatterndetectionapp.service.ProjectService; |
| 11 | 11 |
import cz.zcu.fav.kiv.antipatterndetectionapp.service.UserAccountService; |
| 12 |
import org.jsoup.Jsoup; |
|
| 13 |
import org.jsoup.safety.Safelist; |
|
| 12 | 14 |
import org.slf4j.Logger; |
| 13 | 15 |
import org.slf4j.LoggerFactory; |
| 14 | 16 |
import org.springframework.beans.factory.annotation.Autowired; |
| ... | ... | |
| 360 | 362 |
String thePath = new FileSystemResource("").getFile().getAbsolutePath() + "\\src\\main\\webapp\\operationalizations\\" + antiPattern.getName() + ".html";
|
| 361 | 363 |
|
| 362 | 364 |
try {
|
| 365 |
Jsoup.clean(innerText, Safelist.basic()); // xss attack prevention |
|
| 363 | 366 |
BufferedWriter writer = new BufferedWriter(new FileWriter(thePath)); |
| 364 | 367 |
writer.write(innerText); |
| 365 | 368 |
writer.close(); |
Také k dispozici: Unified diff
#16 Operationalization text clean from possible xss