protection formulaire création de fil xss

5e3b95a0 · Florine Lefebvre · 6909458e · 5e3b95a0
Commit 5e3b95a0 authored 1 month ago by Florine Lefebvre
--- a/WEB-INF/src/controleur/ThreadController.java
+++ b/WEB-INF/src/controleur/ThreadController.java
@@ -3,6 +3,9 @@ package controleur;
 import java.io.IOException;
 import java.time.LocalDate;

+import org.apache.commons.text.StringEscapeUtils;
+import org.apache.commons.text.translate.CharSequenceTranslator;
+
 import jakarta.servlet.ServletException;
 import jakarta.servlet.annotation.WebServlet;
 import jakarta.servlet.http.HttpServlet;
@@ -79,6 +82,8 @@ public class ThreadController extends HttpServlet {
                break;
            case "create":
                String name = req.getParameter("name");
+                CharSequenceTranslator cst = StringEscapeUtils.ESCAPE_HTML4;
+                name = cst.translate(name);
                idThread = daoThread.create(new Thread(idThread, username, name, LocalDate.now()));
                follow = new Follower(username, idThread);
                daoFollower.create(follow);