Merge branch 'main' into SITES-13771
HollywoodTonight authored Jul 13, 2023
2 parents c243fe7 + 312e3d6 commit 0583083
Showing 2 changed files with 23 additions and 3 deletions.
@@ -99,10 +99,12 @@ public static String escape(final String path, final String queryString, final S
escaped = sb.insert(path.indexOf(fragment), "#" + fragment).toString();
}
} else {
escaped = sb.append("#").append(URLEncoder.encode(fragment, StandardCharsets.UTF_8.name())
.replace("+", "%20")).toString();
escaped = sb.append("#")
.append(replaceEncodedCharacters(URLEncoder.encode(fragment, StandardCharsets.UTF_8.name())))
.toString();
}
}

} catch (Exception e) {
LOG.error(e.getMessage(), e);
StringBuilder sb = new StringBuilder(path);
@@ -191,4 +193,20 @@ private static String newPlaceholder(final String str) {

return placeholderBuilder.toString();
}

private static String replaceEncodedCharacters(final String str) {
return str.replace("%2B", "+")
.replace("%3D", "=")
.replace("%7E", "~")
.replace("%24", "$")
.replace("%26", "&")
.replace("%3B", ";")
.replace("%3A", ":")
.replace("%40", "@")
.replace("%21", "!")
.replace("%27", "'")
.replace("%28", "(")
.replace("%29", ")")
.replace("%2C", ",");
}
}
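Review bot: The rewritten `else` branch of `escape` drops the old `.replace("+", "%20")`, so a space in the fragment (which `URLEncoder.encode` emits as `+`) and a literal plus (`%2B`, restored to `+` by `replaceEncodedCharacters`) now both come out as `+`. In a URI fragment `+` is not a space, so `#top level` changes meaning, and the updated expectation `#top+level` in the test file pins that behaviour. Mapping the space before the restore step keeps the two apart: `.append(replaceEncodedCharacters(URLEncoder.encode(fragment, StandardCharsets.UTF_8.name()).replace("+", "%20")))`. `replaceEncodedCharacters` also restores `'`, `(`, `)`, `&` and `;`, which RFC 3986 permits in a fragment but which are not safe in every output context, so it deserves a comment such as `// Restores RFC 3986 fragment characters only; the result is URI-valid, not HTML/JS-escaped; encode for the output context where it is rendered`. The body of `escape` starts and ends outside the hunk.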
@@ -88,12 +88,14 @@ void testSanitizeExternalLink() {
underTest.sanitize("https://test.com?categ=cat1|cat2", request));
assertEquals("https://test.com?categ=cat1%7Ccat2#top",
underTest.sanitize("https://test.com?categ=cat1|cat2#top", request));
assertEquals("https://test.com?categ=cat1%7Ccat2#top%20level",
assertEquals("https://test.com?categ=cat1%7Ccat2#top+level",
underTest.sanitize("https://test.com?categ=cat1|cat2#top level", request));
assertEquals("https://test.com?recipient=<%= recipient.id %>",
underTest.sanitize("https://test.com?recipient=<%= recipient.id %>", request));
assertEquals("https://test.com/#/downloads/file.html?name=/content/file.zip",
underTest.sanitize("https://test.com/#/downloads/file.html?name=/content/file.zip", request));
assertEquals("https://test.com#page=1-._~!$&'()*+,;=:@",
underTest.sanitize("https://test.com#page=1-._~!$&'()*+,;=:@", request));
}

@Test
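Review bot: The new assertion for `#page=1-._~!$&'()*+,;=:@` only covers characters that are now left literal; nothing in this hunk pins that characters outside that set still come out percent-encoded in the fragment. Since the set restored by `replaceEncodedCharacters` is hand-maintained, a negative case next to it would catch an accidental widening, for example a fragment containing `"`, `<` and `>` with the expectation that they stay as `%22`, `%3C` and `%3E`. The exact expected string should be confirmed against the implementation, because the branch that decides between raw and encoded fragments is not visible here. `testSanitizeExternalLink` starts outside the hunk.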