Commit c1ca0ea

committed
11_12_XSS
1 parent 0720e0a commit c1ca0ea
25 files changed

+126
-34
lines changed
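--- a/pom.xml
+++ b/pom.xml
@@ -20,6 +20,7 @@
 <spring-data-jpa.version>2.7.18</spring-data-jpa.version>
 <jackson.version>2.20.1</jackson.version>
 <tomcat.version>9.0.111</tomcat.version>
+<jsoup.version>1.21.2</jsoup.version>
 
 <!-- Hibernate -->
 <hibernate.version>5.6.15.Final</hibernate.version>
@@ -184,15 +185,17 @@
 <artifactId>hibernate-core</artifactId>
 <version>${hibernate.version}</version>
 </dependency>
+
+<!-- Validation-->
 <dependency>
 <groupId>org.hibernate.validator</groupId>
 <artifactId>hibernate-validator</artifactId>
 <version>${hibernate-validator.version}</version>
 </dependency>
 <dependency>
-<groupId>org.hibernate</groupId>
-<artifactId>hibernate-jcache</artifactId>
-<version>${hibernate.version}</version>
+<groupId>org.jsoup</groupId>
+<artifactId>jsoup</artifactId>
+<version>${jsoup.version}</version>
 </dependency>
 
 <!--http://hibernate.org/validator/documentation/getting-started/#unified-expression-language-el-->
@@ -204,6 +207,11 @@
 </dependency>
 
 <!-- Cache -->
+<dependency>
+<groupId>org.hibernate</groupId>
+<artifactId>hibernate-jcache</artifactId>
+<version>${hibernate.version}</version>
+</dependency>
 <dependency>
 <groupId>javax.cache</groupId>
 <artifactId>cache-api</artifactId>
@@ -407,4 +415,4 @@
 </dependency>
 </dependencies>
 </dependencyManagement>
-</project>
+</project>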
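Review bot: The new `org.jsoup:jsoup` entry in the second hunk appears to sit inside `<dependencyManagement>` (the last hunk closes `</dependencies>` and `</dependencyManagement>` below it), so it only pins the version; the module that actually implements the `NoHtml` validator still needs its own `<dependency>` on jsoup, and none is visible in this section. A new third-party library deserves a one-line comment stating why it is introduced, e.g. `<!-- jsoup: HTML detection for @NoHtml -->` — I am inferring that use from the `NoHtml` imports elsewhere in this commit, so adjust the wording to the real purpose. Note also that `hibernate-jcache` is moved, not removed (deleted in hunk 2, re-added under `<!-- Cache -->` in hunk 3); a reviewer skimming hunk 2 alone would read it as dropping the cache provider.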
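--- a/src/main/java/ru/javawebinar/topjava/View.java
+++ b/src/main/java/ru/javawebinar/topjava/View.java
@@ -3,5 +3,9 @@
 import javax.validation.groups.Default;
 
 public class View {
+// Validate only form UI/REST
+public interface Web extends Default {}
+
+// Validate only when DB save/update
 public interface Persist extends Default {}
 }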
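Review bot: The comment on the new `Web` group reads "Validate only form UI/REST"; it should read "from UI/REST", and it is worth spelling out the consequence of the group design, because `Web extends Default` means validating with `View.Web.class` also runs Default constraints, whereas a plain `@Valid` (Default group only) silently skips any constraint placed solely in `Web`. Suggested replacement: `// Validate only from UI/REST: constraints in this group run only when the caller validates with View.Web.class (plain @Valid skips them); Default constraints are included`. That single sentence tells the next maintainer why a controller must request the group explicitly for the `@NoHtml` checks added in this commit to fire.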
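--- a/src/main/java/ru/javawebinar/topjava/model/AbstractNamedEntity.java
+++ b/src/main/java/ru/javawebinar/topjava/model/AbstractNamedEntity.java
@@ -2,16 +2,18 @@
 
 import javax.persistence.Column;
 import javax.persistence.MappedSuperclass;
+import ru.javawebinar.topjava.View;
+import ru.javawebinar.topjava.util.validation.NoHtml;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Size;
 
-
 @MappedSuperclass
 public abstract class AbstractNamedEntity extends AbstractBaseEntity {
 
 @NotBlank
 @Size(min = 2, max = 128)
 @Column(name = "name", nullable = false)
+@NoHtml(groups = {View.Web.class})
 protected String name;
 
 protected AbstractNamedEntity() {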
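Review bot: `@NoHtml(groups = {View.Web.class})` on `name` is enforced only when the caller validates with `View.Web.class`; any controller or REST endpoint that binds a subclass with `@Valid` or `@Validated` under the Default group will still accept HTML in `name`, so the XSS protection this commit adds is exactly as complete as the set of entry points that request the Web group, none of which are visible in this hunk. Please confirm every binding path for `AbstractNamedEntity` subclasses passes the Web group, and keep output encoding (e.g. JSTL `<c:out>` / `escapeXml`) as the primary control — rejecting markup on input is defense in depth, not a replacement, since data can still reach the database through non-web paths. The class body continues past the end of the hunk.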
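--- a/src/main/java/ru/javawebinar/topjava/model/Meal.java
+++ b/src/main/java/ru/javawebinar/topjava/model/Meal.java
@@ -7,6 +7,7 @@
 import org.springframework.format.annotation.DateTimeFormat;
 import ru.javawebinar.topjava.View;
 import ru.javawebinar.topjava.util.DateTimeUtil;
+import ru.javawebinar.topjava.util.validation.NoHtml;
 
 import javax.persistence.*;
 import javax.validation.constraints.NotBlank;
@@ -41,6 +42,7 @@ public class Meal extends AbstractBaseEntity {
 @Column(name = "description", nullable = false)
 @NotBlank
 @Size(min = 2, max = 120)
+@NoHtml(groups = {View.Web.class})
 private String description;
 
 @Column(name = "calories", nullable = false)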
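Review bot: The `@NoHtml` added to `description` in the second hunk is scoped to `View.Web.class`, so a `Meal` validated under the Default or `View.Persist` group keeps accepting HTML; whether the JDBC repository path (which this commit touches only by renaming the `ValidationUtil` import, so I cannot tell which group it uses) validates with Persist is the question a reader will ask here. If the intent is that only web-originated input is checked and persistence trusts already-validated data, say so next to the constraint, e.g. `// Web group only: REST/UI input is rejected here; Persist/Default paths trust already-validated data`. The rest of the `Meal` class lies outside the hunk.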
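--- a/src/main/java/ru/javawebinar/topjava/model/User.java
+++ b/src/main/java/ru/javawebinar/topjava/model/User.java
@@ -7,6 +7,8 @@
 import org.hibernate.validator.constraints.Range;
 import org.springframework.util.CollectionUtils;
 import ru.javawebinar.topjava.HasIdAndEmail;
+import ru.javawebinar.topjava.View;
+import ru.javawebinar.topjava.util.validation.NoHtml;
 
 import javax.persistence.Entity;
 import javax.persistence.NamedQueries;
@@ -40,6 +42,7 @@ public class User extends AbstractNamedEntity implements HasIdAndEmail {
 @Email
 @NotBlank
 @Size(max = 128)
+@NoHtml(groups = {View.Web.class}) // https://stackoverflow.com/questions/17480809
 private String email;
 
 @Column(name = "password", nullable = false)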
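Review bot: The bare `// https://stackoverflow.com/questions/17480809` on the new `@NoHtml` line tells a reader without network access nothing about why an e-mail field needs an HTML check; the reason is presumably that a syntactically valid address may contain characters such as `<` and `>` (quoted local parts), so `@Email` alone does not exclude markup — I am inferring that from the link, so confirm before wording it. Suggested: `@NoHtml(groups = {View.Web.class}) // @Email accepts '<' and '>' in a quoted local part, so markup must be rejected separately`. As with `name` in the superclass, this constraint only fires when the caller validates with the Web group; the class body continues beyond the hunk.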
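--- a/src/main/java/ru/javawebinar/topjava/repository/jdbc/JdbcMealRepository.java
+++ b/src/main/java/ru/javawebinar/topjava/repository/jdbc/JdbcMealRepository.java
@@ -11,7 +11,7 @@
 import org.springframework.transaction.annotation.Transactional;
 import ru.javawebinar.topjava.model.Meal;
 import ru.javawebinar.topjava.repository.MealRepository;
-import ru.javawebinar.topjava.util.ValidationUtil;
+import ru.javawebinar.topjava.util.validation.ValidationUtil;
 
 import java.time.LocalDateTime;
 import java.util.List;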
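--- a/src/main/java/ru/javawebinar/topjava/repository/jdbc/JdbcUserRepository.java
+++ b/src/main/java/ru/javawebinar/topjava/repository/jdbc/JdbcUserRepository.java
@@ -13,7 +13,7 @@
 import ru.javawebinar.topjava.model.Role;
 import ru.javawebinar.topjava.model.User;
 import ru.javawebinar.topjava.repository.UserRepository;
-import ru.javawebinar.topjava.util.ValidationUtil;
+import ru.javawebinar.topjava.util.validation.ValidationUtil;
 
 import java.util.*;
 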
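--- a/src/main/java/ru/javawebinar/topjava/service/MealService.java
+++ b/src/main/java/ru/javawebinar/topjava/service/MealService.java
@@ -11,7 +11,7 @@
 
 import static ru.javawebinar.topjava.util.DateTimeUtil.atStartOfDayOrMin;
 import static ru.javawebinar.topjava.util.DateTimeUtil.atStartOfNextDayOrMax;
-import static ru.javawebinar.topjava.util.ValidationUtil.checkNotFound;
+import static ru.javawebinar.topjava.util.validation.ValidationUtil.checkNotFound;
 
 @Service
 public class MealService {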
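--- a/src/main/java/ru/javawebinar/topjava/service/UserService.java
+++ b/src/main/java/ru/javawebinar/topjava/service/UserService.java
@@ -19,7 +19,7 @@
 import java.util.List;
 
 import static ru.javawebinar.topjava.util.UsersUtil.prepareToSave;
-import static ru.javawebinar.topjava.util.ValidationUtil.checkNotFound;
+import static ru.javawebinar.topjava.util.validation.ValidationUtil.checkNotFound;
 
 @Service("userService")
 @Scope(proxyMode = ScopedProxyMode.TARGET_CLASS)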
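--- a/src/main/java/ru/javawebinar/topjava/to/UserTo.java
+++ b/src/main/java/ru/javawebinar/topjava/to/UserTo.java
@@ -3,6 +3,7 @@
 import org.hibernate.validator.constraints.Range;
 import ru.javawebinar.topjava.HasIdAndEmail;
 import ru.javawebinar.topjava.util.UsersUtil;
+import ru.javawebinar.topjava.util.validation.NoHtml;
 
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotBlank;
@@ -17,11 +18,13 @@ public class UserTo extends BaseTo implements HasIdAndEmail, Serializable {
 
 @NotBlank
 @Size(min = 2, max = 100)
+@NoHtml
 private String name;
 
 @Email
 @NotBlank
 @Size(max = 100)
+@NoHtml // https://stackoverflow.com/questions/17480809
 private String email;
 
 @NotBlank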
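Review bot: Both `@NoHtml` annotations added in the second hunk carry no `groups` attribute, so they run under the Default group on every validation of `UserTo`, whereas the entity fields changed in the same commit (`User.email`, `AbstractNamedEntity.name`, `Meal.description`) restrict the check to `View.Web.class`; the asymmetry is probably deliberate because a transfer object only arrives from the web layer, but nothing in the file records that reasoning. A short comment at the first `@NoHtml` would settle it, e.g. `// no group: UserTo is bound only from UI/REST, so Default-group validation must already reject HTML`. The class body continues outside the hunk — the trailing `@NotBlank` belongs to the next field.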
