From 70297df48af08e42aef141b4623d3ac7704918d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Francesco=20Chicchiricc=C3=B2?=
Date: Sat, 24 Aug 2024 09:56:10 +0200
Subject: [PATCH] Last resort against HTML-like input when not allowed
---
 .../ui/commons/markup/html/form/TextFieldPanel.java | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.java b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.java
index eb219b3d57..abbc3f17db 100644
--- a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.java
+++ b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/markup/html/form/TextFieldPanel.java
@@ -18,7 +18,7 @@
 */
 package org.apache.syncope.client.ui.commons.markup.html.form;
-import java.util.regex.Pattern;
+import java.util.Optional;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.validation.IValidatable;
 import org.apache.wicket.validation.IValidator;
@@ -28,8 +28,6 @@ public abstract class TextFieldPanel extends FieldPanel {
 private static final long serialVersionUID = 1708195999215061362L;
- private static final Pattern HTML_PATTERN = Pattern.compile(".*<.*");
-
 public TextFieldPanel(final String id, final String name, final IModel model) {
 super(id, name, model);
 }
@@ -41,11 +39,11 @@ protected TextFieldPanel setHTMLInputNotAllowed() {
 @Override
 public void validate(final IValidatable validatable) {
- if (HTML_PATTERN.matcher(validatable.getValue()).matches()) {
+ Optional.ofNullable(validatable.getValue()).filter(v -> v.indexOf('<') != -1).ifPresent(v -> {
 ValidationError error = new ValidationError().addKey("htmlErrorMessage");
 error.setVariable("label", field.getLabel().getObject());
 validatable.error(error);
- }
+ });
 }
 });
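Review bot: The rewritten `validate` in the last hunk still rejects only a literal `<`, which is a narrow denylist: other markup-significant characters such as quotes pass, so a value rendered into an attribute or script context is not covered, and the check lives in the `common-ui` client module, so it presumably does not apply to values that arrive by other paths. The subject line already calls this a last resort; I would state that limit in the code, e.g. `// Defence in depth only: rejects '<'; every rendering site must still escape this value.` above the validator. As a style point, the `Optional.ofNullable(...).filter(...).ifPresent(...)` chain is only a null guard around a side effect, and `final String value = validatable.getValue();` followed by `if (value != null && value.indexOf('<') != -1) {` reads more directly. `setHTMLInputNotAllowed` begins before the hunk, so where the validator is attached is not visible here.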