diff --git a/scm-core/pom.xml b/scm-core/pom.xml
index ae18a384ac..23f0086797 100644
--- a/scm-core/pom.xml
+++ b/scm-core/pom.xml
@@ -74,6 +74,17 @@
guava
11.0.2
+
+
+
+
+ commons-lang
+ commons-lang
+ 2.6
+
diff --git a/scm-core/src/main/java/sonia/scm/repository/ChangesetViewerUtil.java b/scm-core/src/main/java/sonia/scm/repository/ChangesetViewerUtil.java
index e535667592..3cdf09597e 100644
--- a/scm-core/src/main/java/sonia/scm/repository/ChangesetViewerUtil.java
+++ b/scm-core/src/main/java/sonia/scm/repository/ChangesetViewerUtil.java
@@ -35,8 +35,11 @@ package sonia.scm.repository;
//~--- non-JDK imports --------------------------------------------------------
+import com.google.common.collect.Lists;
import com.google.inject.Inject;
+import org.apache.commons.lang.StringEscapeUtils;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -51,6 +54,7 @@ import sonia.scm.util.Util;
import java.io.IOException;
import java.util.Arrays;
+import java.util.List;
import java.util.Set;
/**
@@ -136,8 +140,7 @@ public class ChangesetViewerUtil extends PartCacheClearHook
if (changeset != null)
{
- callPreProcessors(changeset);
- callPreProcessorFactories(repository, changeset);
+ prepareForReturn(repository, changeset);
result = new ChangesetPagingResult(1, Arrays.asList(changeset));
cache.put(key, result);
}
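Review bot: `prepareForReturn` rewrites the changeset in place immediately before `cache.put(key, result)`, so the cached entry and every caller receive HTML-entity text instead of the raw commit data; the same applies to the two paging call sites further down that call `prepareForReturn(repository, result)`. A consumer that does not render HTML will display `&lt;` literally, and one that encodes on output will double-encode. Inside `prepareForReturn` the escape runs before `callPreProcessors`, so anything a pre-processor writes into the description is not encoded; that ordering looks deliberate but is not stated anywhere. I would add above this call `// values are HTML-escaped once, before caching; pre-processors run afterwards and must emit safe markup`. The enclosing method starts and ends outside the hunk.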
@@ -301,8 +304,7 @@ public class ChangesetViewerUtil extends PartCacheClearHook
{
if (Util.isNotEmpty(result.getChangesets()))
{
- callPreProcessors(result);
- callPreProcessorFactories(repository, result);
+ prepareForReturn(repository, result);
}
cache.put(key, result);
@@ -365,8 +367,7 @@ public class ChangesetViewerUtil extends PartCacheClearHook
{
if (Util.isNotEmpty(result.getChangesets()))
{
- callPreProcessors(result);
- callPreProcessorFactories(repository, result);
+ prepareForReturn(repository, result);
}
cache.put(key, result);
@@ -470,6 +471,109 @@ public class ChangesetViewerUtil extends PartCacheClearHook
}
}
+ /**
+ * Method description
+ *
+ *
+ * @param changeset
+ */
+ private void escape(Changeset changeset)
+ {
+ changeset.setDescription(escape(changeset.getDescription()));
+
+ Person person = changeset.getAuthor();
+
+ if (person != null)
+ {
+ person.setName(escape(person.getName()));
+ person.setMail(escape(person.getMail()));
+ }
+
+ changeset.setBranches(escapeList(changeset.getBranches()));
+ changeset.setTags(escapeList(changeset.getTags()));
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param result
+ */
+ private void escape(ChangesetPagingResult result)
+ {
+ for (Changeset c : result)
+ {
+ escape(c);
+ }
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param value
+ *
+ * @return
+ */
+ private String escape(String value)
+ {
+ return StringEscapeUtils.escapeHtml(value);
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param values
+ *
+ * @return
+ */
+ private List escapeList(List values)
+ {
+ if (Util.isNotEmpty(values))
+ {
+ List newList = Lists.newArrayList();
+
+ for (String v : values)
+ {
+ newList.add(StringEscapeUtils.escapeHtml(v));
+ }
+
+ values = newList;
+ }
+
+ return values;
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param repository
+ * @param result
+ */
+ private void prepareForReturn(Repository repository,
+ ChangesetPagingResult result)
+ {
+ escape(result);
+ callPreProcessors(result);
+ callPreProcessorFactories(repository, result);
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param repository
+ * @param changeset
+ */
+ private void prepareForReturn(Repository repository, Changeset changeset)
+ {
+ escape(changeset);
+ callPreProcessors(changeset);
+ callPreProcessorFactories(repository, changeset);
+ }
+
//~--- inner classes --------------------------------------------------------
/**
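Review bot: `escape(Changeset)` covers only description, author name and mail, branches and tags, and commons-lang 2.6 `StringEscapeUtils.escapeHtml` leaves the apostrophe unencoded, so the output is suitable for HTML element content and double-quoted attributes but not for single-quoted attributes or script contexts. If `Changeset` carries other repository-controlled strings (modified file paths, for example; not visible in this hunk), they pass through unescaped. The generated `Method description` javadoc should record this contract, e.g. `Escapes description, author, branches and tags for HTML element content; must be applied exactly once per changeset.` `escapeList` should also call the private helper, `newList.add(escape(v));`, so that a later change of encoder reaches every field.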