[FIXED JENKINS-10460] do not let raw html be imported from remote job…
… description
jieryn committed Oct 15, 2011
1 parent 18a1366 commit ec1711f
Showing 2 changed files with 12 additions and 3 deletions.
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -31,7 +31,7 @@
<parent>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>plugin</artifactId>
<version>1.396</version>
<version>1.420</version>
<relativePath>../pom.xml</relativePath>
</parent>

13 changes: 11 additions & 2 deletions src/main/java/org/jenkins/ci/plugins/jobimport/RemoteJob.java
Expand Up @@ -24,6 +24,9 @@

package org.jenkins.ci.plugins.jobimport;

import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;

/**
* @author <a href="mailto:jieryn@gmail.com">Jesse Farinacci</a>
* @since 1.0
Expand All @@ -49,7 +52,7 @@ public RemoteJob(final String name, final String url, final String description)
super();
this.name = name;
this.url = url;
this.description = description;
this.description = cleanRemoteString(description);
}

public String getName() {
Expand All @@ -73,7 +76,7 @@ public String getDescription() {
}

public void setDescription(final String description) {
this.description = description;
this.description = cleanRemoteString(description);
}

public int compareTo(final RemoteJob other) {
Expand Down Expand Up @@ -107,4 +110,10 @@ public String toString() {
return new StringBuilder().append("RemoteJob: ").append(name).append(", ").append(url).append(", ")
.append(description).toString();
}

protected static final int MAX_STRLEN = 4096;

protected static final String cleanRemoteString(final String string) {
return StringUtils.substring(StringEscapeUtils.escapeHtml(string), 0, MAX_STRLEN);
}
}
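Review bot: In the constructor hunk only `description` is passed through `cleanRemoteString`; `name` and `url` are still stored raw (`this.name = name;`, `this.url = url;`), although they appear to come from the same remote server response. If the import view prints them unescaped, the markup injection this commit closes for the description stays open for those fields, so `name` should get the same treatment (`this.name = cleanRemoteString(name);`) or, preferably, all three should be escaped at render time in the view. `url` is better checked for an `http`/`https` scheme than HTML-escaped, because escaping would rewrite `&` in query strings. Commons-lang `escapeHtml` also leaves the apostrophe untouched, so the stored value is only safe in element content and double-quoted attributes. The views and the `name`/`url` setters are outside the visible hunks, so this needs confirming there.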
