Commit 5e3b95a0 authored by Florine Lefebvre's avatar Florine Lefebvre :stuck_out_tongue_closed_eyes:

protection formulaire création de fil xss

parent 6909458e
...@@ -3,6 +3,9 @@ package controleur; ...@@ -3,6 +3,9 @@ package controleur;
import java.io.IOException; import java.io.IOException;
import java.time.LocalDate; import java.time.LocalDate;
import org.apache.commons.text.StringEscapeUtils;
import org.apache.commons.text.translate.CharSequenceTranslator;
import jakarta.servlet.ServletException; import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet; import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet; import jakarta.servlet.http.HttpServlet;
...@@ -79,6 +82,8 @@ public class ThreadController extends HttpServlet { ...@@ -79,6 +82,8 @@ public class ThreadController extends HttpServlet {
break; break;
case "create": case "create":
String name = req.getParameter("name"); String name = req.getParameter("name");
CharSequenceTranslator cst = StringEscapeUtils.ESCAPE_HTML4;
name = cst.translate(name);
idThread = daoThread.create(new Thread(idThread, username, name, LocalDate.now())); idThread = daoThread.create(new Thread(idThread, username, name, LocalDate.now()));
follow = new Follower(username, idThread); follow = new Follower(username, idThread);
daoFollower.create(follow); daoFollower.create(follow);
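Review bot: Encoding `name` with `ESCAPE_HTML4` before `daoThread.create(...)` in the `create` case puts the XSS defence on the write path, so the database holds entity-encoded text and any other route that writes or renders a thread name stays unprotected. It is safer to store the raw value and encode where the name is written into the page, with the encoder that matches the output context; `ESCAPE_HTML4` leaves the apostrophe untouched, so it does not cover a single-quoted attribute. `req.getParameter("name")` can return null and `translate` then returns null as well, so a guard such as `if (name == null || name.isBlank())` before the create call is worth adding. If the escape stays here, `name = StringEscapeUtils.escapeHtml4(name);` does the same without the `CharSequenceTranslator` local and its import. The switch continues outside the hunk, so the rendering side cannot be checked from here.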