[onionoo/master] Escape "s in AS names and other fields. - tor-commits

5 Mar 2012

commit d88a69b1626d1ac298d2f7fb1c2d2807223c2f9a
Author: Karsten Loesing karsten.loesing@gmx.net
Date:   Mon Mar 5 10:20:44 2012 +0100
Escape "s in AS names and other fields.
---
 build.xml                                        |    1 +
 src/org/torproject/onionoo/DetailDataWriter.java |   29 +++++++++++++++-------
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/build.xml b/build.xml
index 995fa2f..652a49b 100644
--- a/build.xml
+++ b/build.xml
@@ -11,6 +11,7 @@
   <path id="classpath">
     <pathelement path="${classes}"/>
     <pathelement location="lib/commons-codec-1.4.jar"/>
+    <pathelement location="lib/commons-lang-2.5.jar"/>
     <pathelement location="lib/servlet-api.jar"/>
     <pathelement location="lib/descriptor.jar"/>
     <pathelement location="lib/maxmindgeoip.jar"/>
diff --git a/src/org/torproject/onionoo/DetailDataWriter.java b/src/org/torproject/onionoo/DetailDataWriter.java
index 98f0cb1..35b6484 100644
--- a/src/org/torproject/onionoo/DetailDataWriter.java
+++ b/src/org/torproject/onionoo/DetailDataWriter.java
@@ -21,6 +21,8 @@ import java.util.TimeZone;
 import java.util.TreeMap;
 import java.util.TreeSet;
+import org.apache.commons.lang.StringEscapeUtils;
+
 import org.torproject.descriptor.BridgePoolAssignment;
 import org.torproject.descriptor.Descriptor;
 import org.torproject.descriptor.DescriptorFile;
@@ -278,11 +280,14 @@ public class DetailDataWriter {
         }
         sb.append("\n]");
         if (descriptor.getContact() != null) {
-          sb.append(",\n"contact":"" + descriptor.getContact() + """);
+          sb.append(",\n"contact":""
+              + StringEscapeUtils.escapeJavaScript(
+              descriptor.getContact()) + """);
         }
         if (descriptor.getPlatform() != null) {
-          sb.append(",\n"platform":"" + descriptor.getPlatform()
-              + """);
+          sb.append(",\n"platform":""
+              + StringEscapeUtils.escapeJavaScript(
+              descriptor.getPlatform()) + """);
         }
         if (descriptor.getFamilyEntries() != null) {
           sb.append(",\n"family":[");
@@ -338,19 +343,24 @@ public class DetailDataWriter {
         sb.append(",\n"longitude":" + longitude);
       }
       if (countryName != null) {
-        sb.append(",\n"country_name":"" + countryName + """);
+        sb.append(",\n"country_name":""
+            + StringEscapeUtils.escapeJavaScript(countryName) + """);
       }
       if (regionName != null) {
-        sb.append(",\n"region_name":"" + regionName + """);
+        sb.append(",\n"region_name":""
+            + StringEscapeUtils.escapeJavaScript(regionName) + """);
       }
       if (cityName != null) {
-        sb.append(",\n"city_name":"" + cityName + """);
+        sb.append(",\n"city_name":""
+            + StringEscapeUtils.escapeJavaScript(cityName) + """);
       }
       if (aSNumber != null) {
-        sb.append(",\n"as_number":"" + aSNumber + """);
+        sb.append(",\n"as_number":""
+            + StringEscapeUtils.escapeJavaScript(aSNumber) + """);
       }
       if (cityName != null) {
-        sb.append(",\n"as_name":"" + aSName + """);
+        sb.append(",\n"as_name":""
+            + StringEscapeUtils.escapeJavaScript(aSName) + """);
       }
/* Add exit addresses if at least one of them is distinct from the
@@ -482,7 +492,8 @@ public class DetailDataWriter {
         sb.append(""desc_published":"" + publishedDateTime + "",\n"
             + ""last_restarted":"" + lastRestartedString + "",\n"
             + ""advertised_bandwidth":" + advertisedBandwidth + ",\n"
-            + ""platform":"" + descriptor.getPlatform() + """);
+            + ""platform":"" + StringEscapeUtils.escapeJavaScript(
+            descriptor.getPlatform()) + """);
         descriptorParts = sb.toString();
       }

    