mirror of https://github.com/webbukkit/dynmap.git
Switch sanitizeHTML to marker load/create/update
This commit is contained in:
Michael Primm
parent
814068cf53
commit
edf6e256e1
|
|
@ -286,6 +286,8 @@ public class Client {
|
|||
private static PolicyFactory sanitizer = null;
|
||||
private static PolicyFactory OLDTAGS = new HtmlPolicyBuilder().allowElements("center", "basefont", "hr").toFactory();
|
||||
public static String sanitizeHTML(String html) {
|
||||
// Don't sanitize if null or no html markup
|
||||
if ((html == null) || (html.indexOf('<') < 0)) return html;
|
||||
PolicyFactory s = sanitizer;
|
||||
if (s == null) {
|
||||
// Generous but safe html formatting allowances
|
||||
|
|
|
|||
|
|
@ -72,9 +72,9 @@ class AreaMarkerImpl implements AreaMarker, EnterExitMarker {
|
|||
AreaMarkerImpl(String id, String lbl, boolean markup, String world, double x[], double z[], boolean persistent, MarkerSetImpl set) {
|
||||
markerid = id;
|
||||
if(lbl != null)
|
||||
label = markup ? lbl : Client.encodeForHTML(lbl);
|
||||
label = markup ? Client.sanitizeHTML(lbl) : Client.encodeForHTML(lbl);
|
||||
else
|
||||
label = markup ? id : Client.encodeForHTML(id);
|
||||
label = markup ? Client.sanitizeHTML(id) : Client.encodeForHTML(id);
|
||||
this.markup = markup;
|
||||
this.corners = new ArrayList<Coord>();
|
||||
for(int i = 0; i < x.length; i++) {
|
||||
|
|
@ -118,9 +118,10 @@ class AreaMarkerImpl implements AreaMarker, EnterExitMarker {
|
|||
* Load marker from configuration node
|
||||
* @param node - configuration node
|
||||
*/
|
||||
boolean loadPersistentData(ConfigurationNode node) {
|
||||
boolean loadPersistentData(ConfigurationNode node, boolean isSafe) {
|
||||
markup = node.getBoolean("markup", false);
|
||||
label = MarkerAPIImpl.escapeForHTMLIfNeeded(node.getString("label", markerid), markup);
|
||||
if (!isSafe) label = Client.sanitizeHTML(label);
|
||||
ytop = node.getDouble("ytop", 64.0);
|
||||
ybottom = node.getDouble("ybottom", 64.0);
|
||||
List<Double> xx = node.getList("x");
|
||||
|
|
@ -133,6 +134,7 @@ class AreaMarkerImpl implements AreaMarker, EnterExitMarker {
|
|||
world = node.getString("world", "world");
|
||||
normalized_world = DynmapWorld.normalizeWorldName(world);
|
||||
desc = node.getString("desc", null);
|
||||
if (!isSafe) desc = Client.sanitizeHTML(desc);
|
||||
lineweight = node.getInteger("strokeWeight", -1);
|
||||
if(lineweight == -1) { /* Handle typo-saved value */
|
||||
lineweight = node.getInteger("stokeWeight", 3);
|
||||
|
|
@ -215,12 +217,7 @@ class AreaMarkerImpl implements AreaMarker, EnterExitMarker {
|
|||
@Override
|
||||
public void setLabel(String lbl, boolean markup) {
|
||||
if(markerset == null) return;
|
||||
if (markup) {
|
||||
label = lbl;
|
||||
}
|
||||
else { // If not markup, escape any HTML-active characters (<>&"')
|
||||
label = Client.encodeForHTML(lbl);
|
||||
}
|
||||
label = markup ? Client.sanitizeHTML(lbl) : Client.encodeForHTML(lbl);
|
||||
this.markup = markup;
|
||||
MarkerAPIImpl.areaMarkerUpdated(this, MarkerUpdate.UPDATED);
|
||||
if(ispersistent)
|
||||
|
|
@ -298,6 +295,7 @@ class AreaMarkerImpl implements AreaMarker, EnterExitMarker {
|
|||
@Override
|
||||
public void setDescription(String desc) {
|
||||
if(markerset == null) return;
|
||||
desc = Client.sanitizeHTML(desc);
|
||||
if((this.desc == null) || (this.desc.equals(desc) == false)) {
|
||||
this.desc = desc;
|
||||
MarkerAPIImpl.areaMarkerUpdated(this, MarkerUpdate.UPDATED);
|
||||
|
|
|
|||
|
|
@ -67,6 +67,7 @@ class CircleMarkerImpl implements CircleMarker, EnterExitMarker {
|
|||
label = markup ? lbl : Client.encodeColorInHTML(lbl);
|
||||
else
|
||||
label = markup ? id : Client.encodeColorInHTML(id);
|
||||
label = Client.sanitizeHTML(label);
|
||||
this.markup = markup;
|
||||
this.x = x; this.y = y; this.z = z;
|
||||
this.xr = xr; this.zr = zr;
|
||||
|
|
@ -86,7 +87,7 @@ class CircleMarkerImpl implements CircleMarker, EnterExitMarker {
|
|||
CircleMarkerImpl(String id, MarkerSetImpl set) {
|
||||
markerid = id;
|
||||
markerset = set;
|
||||
label = Client.encodeForHTML(id);
|
||||
label = Client.sanitizeHTML(Client.encodeForHTML(id));
|
||||
markup = false;
|
||||
desc = null;
|
||||
world = normalized_world = "world";
|
||||
|
|
@ -100,9 +101,10 @@ class CircleMarkerImpl implements CircleMarker, EnterExitMarker {
|
|||
* Load marker from configuration node
|
||||
* @param node - configuration node
|
||||
*/
|
||||
boolean loadPersistentData(ConfigurationNode node) {
|
||||
boolean loadPersistentData(ConfigurationNode node, boolean isSafe) {
|
||||
markup = node.getBoolean("markup", false);
|
||||
label = MarkerAPIImpl.escapeForHTMLIfNeeded(node.getString("label", markerid), markup);
|
||||
if (!isSafe) label = Client.sanitizeHTML(label);
|
||||
world = node.getString("world", "world");
|
||||
normalized_world = DynmapWorld.normalizeWorldName(world);
|
||||
x = node.getDouble("x", 0);
|
||||
|
|
@ -111,6 +113,7 @@ class CircleMarkerImpl implements CircleMarker, EnterExitMarker {
|
|||
xr = node.getDouble("xr", 0);
|
||||
zr = node.getDouble("zr", 0);
|
||||
desc = node.getString("desc", null);
|
||||
if (!isSafe) desc = Client.sanitizeHTML(desc);
|
||||
lineweight = node.getInteger("strokeWeight", -1);
|
||||
if(lineweight == -1) { /* Handle typo-saved value */
|
||||
lineweight = node.getInteger("stokeWeight", 3);
|
||||
|
|
@ -192,6 +195,7 @@ class CircleMarkerImpl implements CircleMarker, EnterExitMarker {
|
|||
@Override
|
||||
public void setLabel(String lbl, boolean markup) {
|
||||
label = markup ? lbl : Client.encodeForHTML(lbl);
|
||||
label = Client.sanitizeHTML(label);
|
||||
this.markup = markup;
|
||||
MarkerAPIImpl.circleMarkerUpdated(this, MarkerUpdate.UPDATED);
|
||||
if(ispersistent)
|
||||
|
|
@ -262,6 +266,7 @@ class CircleMarkerImpl implements CircleMarker, EnterExitMarker {
|
|||
}
|
||||
@Override
|
||||
public void setDescription(String desc) {
|
||||
desc = Client.sanitizeHTML(desc);
|
||||
if((this.desc == null) || (this.desc.equals(desc) == false)) {
|
||||
this.desc = desc;
|
||||
MarkerAPIImpl.circleMarkerUpdated(this, MarkerUpdate.UPDATED);
|
||||
|
|
|
|||
|
|
@ -102,14 +102,14 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
|
||||
public MarkerUpdated(Marker m, boolean deleted) {
|
||||
this.id = m.getMarkerID();
|
||||
this.label = Client.sanitizeHTML(m.getLabel());
|
||||
this.label = m.getLabel();
|
||||
this.x = m.getX();
|
||||
this.y = m.getY();
|
||||
this.z = m.getZ();
|
||||
this.set = m.getMarkerSet().getMarkerSetID();
|
||||
this.icon = m.getMarkerIcon().getMarkerIconID();
|
||||
this.markup = true; // We are markup format all the time now
|
||||
this.desc = Client.sanitizeHTML(m.getDescription());
|
||||
this.desc = m.getDescription();
|
||||
this.dim = m.getMarkerIcon().getMarkerIconSize().getSize();
|
||||
this.minzoom = m.getMinZoom();
|
||||
this.maxzoom = m.getMaxZoom();
|
||||
|
|
@ -153,7 +153,7 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
|
||||
public AreaMarkerUpdated(AreaMarker m, boolean deleted) {
|
||||
this.id = m.getMarkerID();
|
||||
this.label = Client.sanitizeHTML(m.getLabel());
|
||||
this.label = m.getLabel();
|
||||
this.ytop = m.getTopY();
|
||||
this.ybottom = m.getBottomY();
|
||||
int cnt = m.getCornerCount();
|
||||
|
|
@ -168,7 +168,7 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
opacity = m.getLineOpacity();
|
||||
fillcolor = String.format("#%06X", m.getFillColor());
|
||||
fillopacity = m.getFillOpacity();
|
||||
desc = Client.sanitizeHTML(m.getDescription());
|
||||
desc = m.getDescription();
|
||||
this.minzoom = m.getMinZoom();
|
||||
this.maxzoom = m.getMaxZoom();
|
||||
this.markup = true; // We are markup format all the time now
|
||||
|
|
@ -211,7 +211,7 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
|
||||
public PolyLineMarkerUpdated(PolyLineMarker m, boolean deleted) {
|
||||
this.id = m.getMarkerID();
|
||||
this.label = Client.sanitizeHTML(m.getLabel());
|
||||
this.label = m.getLabel();
|
||||
this.markup = true; // We are markup format all the time now
|
||||
int cnt = m.getCornerCount();
|
||||
x = new double[cnt];
|
||||
|
|
@ -225,7 +225,7 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
color = String.format("#%06X", m.getLineColor());
|
||||
weight = m.getLineWeight();
|
||||
opacity = m.getLineOpacity();
|
||||
desc = Client.sanitizeHTML(m.getDescription());
|
||||
desc = m.getDescription();
|
||||
this.minzoom = m.getMinZoom();
|
||||
this.maxzoom = m.getMaxZoom();
|
||||
|
||||
|
|
@ -271,7 +271,7 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
|
||||
public CircleMarkerUpdated(CircleMarker m, boolean deleted) {
|
||||
this.id = m.getMarkerID();
|
||||
this.label = Client.sanitizeHTML(m.getLabel());
|
||||
this.label = m.getLabel();
|
||||
this.x = m.getCenterX();
|
||||
this.y = m.getCenterY();
|
||||
this.z = m.getCenterZ();
|
||||
|
|
@ -283,7 +283,7 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
opacity = m.getLineOpacity();
|
||||
fillcolor = String.format("#%06X", m.getFillColor());
|
||||
fillopacity = m.getFillOpacity();
|
||||
desc = Client.sanitizeHTML(m.getDescription());
|
||||
desc = m.getDescription();
|
||||
this.minzoom = m.getMinZoom();
|
||||
this.maxzoom = m.getMaxZoom();
|
||||
|
||||
|
|
@ -822,6 +822,7 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
final ConfigurationNode conf = new ConfigurationNode(api.markerpersist); /* Make configuration object */
|
||||
/* First, save icon definitions */
|
||||
HashMap<String, Object> icons = new HashMap<String,Object>();
|
||||
conf.put("isSafe", true); // Mark as safe (sanitized)
|
||||
for(String id : api.markericons.keySet()) {
|
||||
MarkerIconImpl ico = api.markericons.get(id);
|
||||
Map<String,Object> dat = ico.getPersistentData();
|
||||
|
|
@ -885,13 +886,14 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
ConfigurationNode conf = new ConfigurationNode(api.markerpersist); /* Make configuration object */
|
||||
conf.load(); /* Load persistence */
|
||||
lock.writeLock().lock();
|
||||
boolean isSafe = conf.getBoolean("isSafe", false);
|
||||
try {
|
||||
/* Get icons */
|
||||
ConfigurationNode icons = conf.getNode("icons");
|
||||
if(icons == null) return false;
|
||||
for(String id : icons.keySet()) {
|
||||
MarkerIconImpl ico = new MarkerIconImpl(id);
|
||||
if(ico.loadPersistentData(icons.getNode(id))) {
|
||||
if(ico.loadPersistentData(icons.getNode(id), isSafe)) {
|
||||
markericons.put(id, ico);
|
||||
}
|
||||
}
|
||||
|
|
@ -900,7 +902,7 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
if(sets != null) {
|
||||
for(String id: sets.keySet()) {
|
||||
MarkerSetImpl set = new MarkerSetImpl(id);
|
||||
if(set.loadPersistentData(sets.getNode(id))) {
|
||||
if(set.loadPersistentData(sets.getNode(id), isSafe)) {
|
||||
markersets.put(id, set);
|
||||
}
|
||||
}
|
||||
|
|
@ -910,7 +912,7 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
if(psets != null) {
|
||||
for(String id: psets.keySet()) {
|
||||
PlayerSetImpl set = new PlayerSetImpl(id);
|
||||
if(set.loadPersistentData(sets.getNode(id))) {
|
||||
if(set.loadPersistentData(sets.getNode(id), isSafe)) {
|
||||
playersets.put(id, set);
|
||||
}
|
||||
}
|
||||
|
|
@ -3329,10 +3331,10 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
mi = MarkerAPIImpl.getMarkerIconImpl(MarkerIcon.DEFAULT);
|
||||
mdata.put("icon", mi.getMarkerIconID());
|
||||
mdata.put("dim", mi.getMarkerIconSize().getSize());
|
||||
mdata.put("label", Client.sanitizeHTML(m.getLabel()));
|
||||
mdata.put("label", m.getLabel());
|
||||
mdata.put("markup", m.isLabelMarkup());
|
||||
if(m.getDescription() != null)
|
||||
mdata.put("desc", Client.sanitizeHTML(m.getDescription()));
|
||||
mdata.put("desc", m.getDescription());
|
||||
if (m.getMinZoom() >= 0) {
|
||||
mdata.put("minzoom", m.getMinZoom());
|
||||
}
|
||||
|
|
@ -3365,10 +3367,10 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
mdata.put("opacity", m.getLineOpacity());
|
||||
mdata.put("fillopacity", m.getFillOpacity());
|
||||
mdata.put("weight", m.getLineWeight());
|
||||
mdata.put("label", Client.sanitizeHTML(m.getLabel()));
|
||||
mdata.put("label", m.getLabel());
|
||||
mdata.put("markup", m.isLabelMarkup());
|
||||
if(m.getDescription() != null)
|
||||
mdata.put("desc", Client.sanitizeHTML(m.getDescription()));
|
||||
mdata.put("desc", m.getDescription());
|
||||
if (m.getMinZoom() >= 0) {
|
||||
mdata.put("minzoom", m.getMinZoom());
|
||||
}
|
||||
|
|
@ -3400,10 +3402,10 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
mdata.put("color", String.format("#%06X", m.getLineColor()));
|
||||
mdata.put("opacity", m.getLineOpacity());
|
||||
mdata.put("weight", m.getLineWeight());
|
||||
mdata.put("label", Client.sanitizeHTML(m.getLabel()));
|
||||
mdata.put("label", m.getLabel());
|
||||
mdata.put("markup", m.isLabelMarkup());
|
||||
if(m.getDescription() != null)
|
||||
mdata.put("desc", Client.sanitizeHTML(m.getDescription()));
|
||||
mdata.put("desc", m.getDescription());
|
||||
if (m.getMinZoom() >= 0) {
|
||||
mdata.put("minzoom", m.getMinZoom());
|
||||
}
|
||||
|
|
@ -3430,10 +3432,10 @@ public class MarkerAPIImpl implements MarkerAPI, Event.Listener<DynmapWorld> {
|
|||
mdata.put("opacity", m.getLineOpacity());
|
||||
mdata.put("fillopacity", m.getFillOpacity());
|
||||
mdata.put("weight", m.getLineWeight());
|
||||
mdata.put("label", Client.sanitizeHTML(m.getLabel()));
|
||||
mdata.put("label", m.getLabel());
|
||||
mdata.put("markup", m.isLabelMarkup());
|
||||
if(m.getDescription() != null)
|
||||
mdata.put("desc", Client.sanitizeHTML(m.getDescription()));
|
||||
mdata.put("desc", m.getDescription());
|
||||
if (m.getMinZoom() >= 0) {
|
||||
mdata.put("minzoom", m.getMinZoom());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ class MarkerIconImpl implements MarkerIcon {
|
|||
return node;
|
||||
}
|
||||
|
||||
boolean loadPersistentData(ConfigurationNode node) {
|
||||
boolean loadPersistentData(ConfigurationNode node, boolean isSafe) {
|
||||
if(is_builtin)
|
||||
return false;
|
||||
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ class MarkerImpl implements Marker {
|
|||
MarkerImpl(String id, MarkerSetImpl set) {
|
||||
markerid = id;
|
||||
markerset = set;
|
||||
label = Client.encodeForHTML(id);
|
||||
label = Client.sanitizeHTML(Client.encodeForHTML(id));
|
||||
markup = false;
|
||||
desc = null;
|
||||
x = z = 0; y = 64; world = normalized_world = "world";
|
||||
|
|
@ -75,15 +75,17 @@ class MarkerImpl implements Marker {
|
|||
* Load marker from configuration node
|
||||
* @param node - configuration node
|
||||
*/
|
||||
boolean loadPersistentData(ConfigurationNode node) {
|
||||
boolean loadPersistentData(ConfigurationNode node, boolean isSafe) {
|
||||
markup = node.getBoolean("markup", false);
|
||||
label = MarkerAPIImpl.escapeForHTMLIfNeeded(node.getString("label", markerid), markup);
|
||||
if (!isSafe) label = Client.sanitizeHTML(label);
|
||||
x = node.getDouble("x", 0);
|
||||
y = node.getDouble("y", 64);
|
||||
z = node.getDouble("z", 0);
|
||||
world = node.getString("world", "world");
|
||||
normalized_world = DynmapWorld.normalizeWorldName(world);
|
||||
desc = node.getString("desc", null);
|
||||
if (!isSafe) desc = Client.sanitizeHTML(desc);
|
||||
minzoom = node.getInteger("minzoom", -1);
|
||||
maxzoom = node.getInteger("maxzoom", -1);
|
||||
icon = MarkerAPIImpl.getMarkerIconImpl(node.getString("icon", MarkerIcon.DEFAULT));
|
||||
|
|
@ -168,7 +170,7 @@ class MarkerImpl implements Marker {
|
|||
@Override
|
||||
public void setLabel(String lbl, boolean markup) {
|
||||
if(markerset == null) return;
|
||||
label = markup ? lbl : Client.encodeForHTML(lbl);
|
||||
label = Client.sanitizeHTML(markup ? lbl : Client.encodeForHTML(lbl));
|
||||
this.markup = markup;
|
||||
MarkerAPIImpl.markerUpdated(this, MarkerUpdate.UPDATED);
|
||||
if(ispersistent)
|
||||
|
|
@ -239,6 +241,7 @@ class MarkerImpl implements Marker {
|
|||
@Override
|
||||
public void setDescription(String desc) {
|
||||
if(markerset == null) return;
|
||||
desc = Client.sanitizeHTML(desc);
|
||||
if((this.desc == null) || (this.desc.equals(desc) == false)) {
|
||||
this.desc = desc;
|
||||
MarkerAPIImpl.markerUpdated(this, MarkerUpdate.UPDATED);
|
||||
|
|
|
|||
|
|
@ -449,14 +449,14 @@ class MarkerSetImpl implements MarkerSet {
|
|||
* Load marker from configuration node
|
||||
* @param node - configuration node
|
||||
*/
|
||||
boolean loadPersistentData(ConfigurationNode node) {
|
||||
boolean loadPersistentData(ConfigurationNode node, boolean isSafe) {
|
||||
label = node.getString("label", setid); /* Get label */
|
||||
ConfigurationNode markernode = node.getNode("markers");
|
||||
if (markernode != null) {
|
||||
for(String id : markernode.keySet()) {
|
||||
MarkerImpl marker = new MarkerImpl(id, this); /* Make and load marker */
|
||||
ConfigurationNode cfg = markernode.getNode(id);
|
||||
if ((cfg != null) && marker.loadPersistentData(cfg)) {
|
||||
if ((cfg != null) && marker.loadPersistentData(cfg, isSafe)) {
|
||||
markers.put(id, marker);
|
||||
}
|
||||
else {
|
||||
|
|
@ -470,7 +470,7 @@ class MarkerSetImpl implements MarkerSet {
|
|||
for(String id : areamarkernode.keySet()) {
|
||||
AreaMarkerImpl marker = new AreaMarkerImpl(id, this); /* Make and load marker */
|
||||
ConfigurationNode cfg = areamarkernode.getNode(id);
|
||||
if ((cfg != null) && marker.loadPersistentData(cfg)) {
|
||||
if ((cfg != null) && marker.loadPersistentData(cfg, isSafe)) {
|
||||
areamarkers.put(id, marker);
|
||||
if(marker.getBoostFlag()) {
|
||||
if(boostingareamarkers == null) {
|
||||
|
|
@ -496,7 +496,7 @@ class MarkerSetImpl implements MarkerSet {
|
|||
for(String id : linemarkernode.keySet()) {
|
||||
PolyLineMarkerImpl marker = new PolyLineMarkerImpl(id, this); /* Make and load marker */
|
||||
ConfigurationNode cfg = linemarkernode.getNode(id);
|
||||
if ((cfg != null) && marker.loadPersistentData(cfg)) {
|
||||
if ((cfg != null) && marker.loadPersistentData(cfg, isSafe)) {
|
||||
linemarkers.put(id, marker);
|
||||
}
|
||||
else {
|
||||
|
|
@ -510,7 +510,7 @@ class MarkerSetImpl implements MarkerSet {
|
|||
for(String id : circlemarkernode.keySet()) {
|
||||
CircleMarkerImpl marker = new CircleMarkerImpl(id, this); /* Make and load marker */
|
||||
ConfigurationNode cfg = circlemarkernode.getNode(id);
|
||||
if ((cfg != null) && marker.loadPersistentData(cfg)) {
|
||||
if ((cfg != null) && marker.loadPersistentData(cfg, isSafe)) {
|
||||
circlemarkers.put(id, marker);
|
||||
if(marker.getBoostFlag()) {
|
||||
if(boostingcirclemarkers == null) {
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ class PlayerSetImpl implements PlayerSet {
|
|||
* Load marker from configuration node
|
||||
* @param node - configuration node
|
||||
*/
|
||||
boolean loadPersistentData(ConfigurationNode node) {
|
||||
boolean loadPersistentData(ConfigurationNode node, boolean isSafe) {
|
||||
List<String> plist = node.getList("players");
|
||||
if(plist != null) {
|
||||
players.clear();
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ class PolyLineMarkerImpl implements PolyLineMarker {
|
|||
label = markup ? lbl : Client.encodeForHTML(lbl);
|
||||
else
|
||||
label = markup ? id : Client.encodeForHTML(id);
|
||||
label = Client.sanitizeHTML(label);
|
||||
this.markup = markup;
|
||||
this.corners = new ArrayList<Coord>();
|
||||
for(int i = 0; i < x.length; i++) {
|
||||
|
|
@ -74,7 +75,7 @@ class PolyLineMarkerImpl implements PolyLineMarker {
|
|||
PolyLineMarkerImpl(String id, MarkerSetImpl set) {
|
||||
markerid = id;
|
||||
markerset = set;
|
||||
label = Client.encodeForHTML(id);
|
||||
label = Client.sanitizeHTML(Client.encodeForHTML(id));
|
||||
markup = false;
|
||||
desc = null;
|
||||
corners = new ArrayList<Coord>();
|
||||
|
|
@ -86,9 +87,10 @@ class PolyLineMarkerImpl implements PolyLineMarker {
|
|||
* Load marker from configuration node
|
||||
* @param node - configuration node
|
||||
*/
|
||||
boolean loadPersistentData(ConfigurationNode node) {
|
||||
boolean loadPersistentData(ConfigurationNode node, boolean isSafe) {
|
||||
markup = node.getBoolean("markup", false);
|
||||
label = MarkerAPIImpl.escapeForHTMLIfNeeded(node.getString("label", markerid), markup);
|
||||
if (!isSafe) label = Client.sanitizeHTML(label);
|
||||
List<Double> xx = node.getList("x");
|
||||
List<Double> yy = node.getList("y");
|
||||
List<Double> zz = node.getList("z");
|
||||
|
|
@ -101,6 +103,7 @@ class PolyLineMarkerImpl implements PolyLineMarker {
|
|||
world = node.getString("world", "world");
|
||||
normalized_world = DynmapWorld.normalizeWorldName(world);
|
||||
desc = node.getString("desc", null);
|
||||
if (!isSafe) desc = Client.sanitizeHTML(desc);
|
||||
lineweight = node.getInteger("strokeWeight", -1);
|
||||
if(lineweight == -1) { /* Handle typo-saved value */
|
||||
lineweight = node.getInteger("stokeWeight", 3);
|
||||
|
|
@ -164,7 +167,7 @@ class PolyLineMarkerImpl implements PolyLineMarker {
|
|||
@Override
|
||||
public void setLabel(String lbl, boolean markup) {
|
||||
if(markerset == null) return;
|
||||
label = markup ? lbl : Client.encodeForHTML(lbl);
|
||||
label = markup ? Client.sanitizeHTML(lbl) : Client.encodeForHTML(lbl);
|
||||
this.markup = markup;
|
||||
MarkerAPIImpl.polyLineMarkerUpdated(this, MarkerUpdate.UPDATED);
|
||||
if(ispersistent)
|
||||
|
|
@ -223,6 +226,7 @@ class PolyLineMarkerImpl implements PolyLineMarker {
|
|||
@Override
|
||||
public void setDescription(String desc) {
|
||||
if(markerset == null) return;
|
||||
desc = Client.sanitizeHTML(desc);
|
||||
if((this.desc == null) || (this.desc.equals(desc) == false)) {
|
||||
this.desc = desc;
|
||||
MarkerAPIImpl.polyLineMarkerUpdated(this, MarkerUpdate.UPDATED);
|
||||
|
|
|
|||
Loading…
Reference in New Issue