From 5e3b95a003d23d29fc6a6d119e30ef546f31e5e9 Mon Sep 17 00:00:00 2001
From: Florine Lefebvre <florine.lefebvre.etu@univ-lille.fr>
Date: Mon, 17 Mar 2025 10:48:53 +0100
Subject: [PATCH] =?UTF-8?q?protection=20formulaire=20cr=C3=A9ation=20de=20?=
 =?UTF-8?q?fil=20xss?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 WEB-INF/src/controleur/ThreadController.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/WEB-INF/src/controleur/ThreadController.java b/WEB-INF/src/controleur/ThreadController.java
index 4c79a52..940e345 100644
--- a/WEB-INF/src/controleur/ThreadController.java
+++ b/WEB-INF/src/controleur/ThreadController.java
@@ -3,6 +3,9 @@ package controleur;
 import java.io.IOException;
 import java.time.LocalDate;
 
+import org.apache.commons.text.StringEscapeUtils;
+import org.apache.commons.text.translate.CharSequenceTranslator;
+
 import jakarta.servlet.ServletException;
 import jakarta.servlet.annotation.WebServlet;
 import jakarta.servlet.http.HttpServlet;
@@ -79,6 +82,8 @@ public class ThreadController extends HttpServlet {
                 break;
             case "create":
                 String name = req.getParameter("name");
+                CharSequenceTranslator cst = StringEscapeUtils.ESCAPE_HTML4;
+                name = cst.translate(name);
                 idThread = daoThread.create(new Thread(idThread, username, name, LocalDate.now()));
                 follow = new Follower(username, idThread);
                 daoFollower.create(follow);
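Review bot: Escaping `name` with `ESCAPE_HTML4` before `daoThread.create(...)` stores the HTML-encoded form in the database, so the protection is applied at the wrong layer: a view that already escapes on output (a JSP `<c:out>`, for instance) will double-encode it, and any non-HTML consumer of the thread name receives literal `&amp;`/`&lt;` sequences. The safer pattern is to persist the raw value and escape at render time in each HTML context; if input-side escaping is kept deliberately, the two added lines collapse to `name = StringEscapeUtils.escapeHtml4(name);` and the `CharSequenceTranslator` import from the first hunk becomes unnecessary. Note also that `translate(null)` returns `null`, so a missing or empty `name` parameter still reaches the DAO unchecked; a guard such as `if (name == null || name.isBlank()) { /* reject */ }` before the create would be worth adding. The enclosing `switch` and the method around it start and end outside this hunk.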
-- 
GitLab