Escape HTML before setting content to CodeViewer

2023-05-17 15:00:57 +04:00 · 2023-05-17 15:00:57 +04:00 · 3aefb2ebda
commit 3aefb2ebda
parent 85123fb039
1 changed files with 16 additions and 1 deletions
--- a/sampler/src/main/java/atlantafx/sampler/page/CodeViewer.java
+++ b/sampler/src/main/java/atlantafx/sampler/page/CodeViewer.java
@ -56,7 +56,7 @@ public class CodeViewer extends AnchorPane {
                .append("<body>")
                .append("<pre>")
                .append("<code class=\"language-java\">")
-                .append(new String(source.readAllBytes(), UTF_8))
+                .append(escapeHtml(new String(source.readAllBytes(), UTF_8)))
                .append("</code>")
                .append("</pre>")
                .append("</body>")
@ -69,4 +69,19 @@ public class CodeViewer extends AnchorPane {
            throw new RuntimeException(e);
        }
    }
+
+    private String escapeHtml(String s) {
+        var out = new StringBuilder(Math.max(128, s.length()));
+        for (int i = 0; i < s.length(); i++) {
+            char c = s.charAt(i);
+            if (c > 127 || c == '"' || c == '\'' || c == '<' || c == '>' || c == '&') {
+                out.append("&#");
+                out.append((int) c);
+                out.append(';');
+            } else {
+                out.append(c);
+            }
+        }
+        return out.toString();
+    }
 }