From d240132dcae9489532de0e1017584b0141e8c82e Mon Sep 17 00:00:00 2001
From: buczekp <buczekp>
Date: Fri, 3 Dec 2010 10:21:45 +0000
Subject: [PATCH] [LMS-1894] escape cloned result set

SVN: 18990
---
 .../web/client/ICommonClientService.java      |  2 --
 .../web/server/AbstractClientService.java     |  3 +-
 .../web/server/CommonClientService.java       |  9 ++++-
 .../StringHtmlEscapingPointcutAdvisor.java    | 16 ++++-----
 .../resultset/CachedResultSetManager.java     |  4 ---
 .../translator/ResultSetTranslator.java       | 15 ++++++--
 .../shared/basic/annotation/Unescape.java     | 36 -------------------
 7 files changed, 29 insertions(+), 56 deletions(-)
 delete mode 100644 openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/annotation/Unescape.java

diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientService.java
index 5c99325f6e9..75016e933f3 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/client/ICommonClientService.java
@@ -41,7 +41,6 @@ import ch.systemsx.cisd.openbis.generic.client.web.client.dto.TypedTableResultSe
 import ch.systemsx.cisd.openbis.generic.client.web.client.exception.UserFailureException;
 import ch.systemsx.cisd.openbis.generic.shared.basic.IEntityInformationHolderWithPermId;
 import ch.systemsx.cisd.openbis.generic.shared.basic.TechId;
-import ch.systemsx.cisd.openbis.generic.shared.basic.annotation.Unescape;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.AbstractType;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.Attachment;
 import ch.systemsx.cisd.openbis.generic.shared.basic.dto.AttachmentHolderKind;
@@ -416,7 +415,6 @@ public interface ICommonClientService extends IClientService
      * or {@link #prepareExportExperiments(TableExportCriteria)} has been invoked before and
      * returned with an exportDataKey passed here as a parameter.
      */
-    @Unescape
     public String getExportTable(String exportDataKey, String lineSeparator)
             throws UserFailureException;
 
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/AbstractClientService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/AbstractClientService.java
index fbfa272b79e..9851945577b 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/AbstractClientService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/AbstractClientService.java
@@ -54,6 +54,7 @@ import ch.systemsx.cisd.openbis.generic.client.web.server.resultset.IOriginalDat
 import ch.systemsx.cisd.openbis.generic.client.web.server.resultset.IResultSet;
 import ch.systemsx.cisd.openbis.generic.client.web.server.resultset.IResultSetManager;
 import ch.systemsx.cisd.openbis.generic.client.web.server.translator.ResultSetTranslator;
+import ch.systemsx.cisd.openbis.generic.client.web.server.translator.ResultSetTranslator.Escape;
 import ch.systemsx.cisd.openbis.generic.client.web.server.translator.UserFailureExceptionTranslator;
 import ch.systemsx.cisd.openbis.generic.client.web.server.util.TableModelUtils;
 import ch.systemsx.cisd.openbis.generic.client.web.server.util.XMLPropertyTransformer;
@@ -182,7 +183,7 @@ public abstract class AbstractClientService implements IClientService,
         try
         {
             final IResultSet<String, T> result = getResultSet(criteria, dataProvider);
-            return ResultSetTranslator.translate(result);
+            return ResultSetTranslator.translate(result, Escape.YES);
         } catch (final UserFailureException e)
         {
             throw UserFailureExceptionTranslator.translate(e);
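Review bot: The `ResultSet` produced by `translate(result, Escape.YES)` may be escaped a second time on its way out. `StringHtmlEscapingPointcutAdvisor` still has an "Escape the result objects" branch for non-String return values of `IClientService` implementations, and nothing in this patch shows that the methods calling this code are excluded from it (for example through `DoNotEscape`). If they are not, a value such as `&lt;` would reach the grid as `&amp;lt;`. I would confirm the exclusion and record it above the call, e.g. `// escaped here on a copy, cached rows stay raw; calling methods must not be escaped again by the advisor`. The enclosing method starts and ends outside the hunk.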
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientService.java
index d8675e5f5d0..39c6ed35c57 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientService.java
@@ -72,6 +72,7 @@ import ch.systemsx.cisd.openbis.generic.client.web.server.resultset.SpacesProvid
 import ch.systemsx.cisd.openbis.generic.client.web.server.resultset.TableDataProviderFactory;
 import ch.systemsx.cisd.openbis.generic.client.web.server.resultset.VocabularyTermsProvider;
 import ch.systemsx.cisd.openbis.generic.client.web.server.translator.ResultSetTranslator;
+import ch.systemsx.cisd.openbis.generic.client.web.server.translator.ResultSetTranslator.Escape;
 import ch.systemsx.cisd.openbis.generic.client.web.server.translator.SearchableEntityTranslator;
 import ch.systemsx.cisd.openbis.generic.client.web.server.translator.UserFailureExceptionTranslator;
 import ch.systemsx.cisd.openbis.generic.client.web.server.util.TSVRenderer;
@@ -198,11 +199,17 @@ public final class CommonClientService extends AbstractClientService implements
 
     protected final <T> GridRowModels<T> fetchCachedEntities(
             final TableExportCriteria<T> exportCriteria)
+    {
+        return fetchCachedEntities(exportCriteria, Escape.NO);
+    }
+
+    protected final <T> GridRowModels<T> fetchCachedEntities(
+            final TableExportCriteria<T> exportCriteria, Escape escape)
     {
         IResultSetConfig<String, T> resultSetConfig = createExportListCriteria(exportCriteria);
         IOriginalDataProvider<T> dummyDataProvider = createDummyDataProvider();
         final IResultSet<String, T> result = getResultSet(resultSetConfig, dummyDataProvider);
-        final ResultSet<T> entities = ResultSetTranslator.translate(result);
+        final ResultSet<T> entities = ResultSetTranslator.translate(result, escape);
         return entities.getList();
     }
 
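Review bot: The one-argument `fetchCachedEntities` now defaults to `Escape.NO`, so every existing caller receives raw cell values and nothing at the call site shows that this is intended. That suits export rendering, but the CachedResultSetManager hunk of this commit also removes the escaping that used to happen when rows were cached, so a caller whose result ends up in HTML would now get unescaped data. I would make the default explicit with Javadoc on both overloads, e.g. `/** Returns the cached entities unescaped; for export only, never for values rendered as HTML. */` on the first, and one line on the second saying that `escape` decides whether an HTML-escaped copy is returned. Dropping the default overload, so that each caller has to write `Escape.YES` or `Escape.NO`, would be safer still.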
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/StringHtmlEscapingPointcutAdvisor.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/StringHtmlEscapingPointcutAdvisor.java
index 80b5e99b9ce..2300d9a064a 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/StringHtmlEscapingPointcutAdvisor.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/StringHtmlEscapingPointcutAdvisor.java
@@ -20,7 +20,6 @@ import java.lang.reflect.Method;
 
 import org.aopalliance.intercept.MethodInterceptor;
 import org.aopalliance.intercept.MethodInvocation;
-import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.log4j.Logger;
 import org.springframework.aop.ClassFilter;
 import org.springframework.aop.support.DefaultPointcutAdvisor;
@@ -31,7 +30,6 @@ import ch.systemsx.cisd.common.logging.LogFactory;
 import ch.systemsx.cisd.common.utilities.ReflectingStringEscaper;
 import ch.systemsx.cisd.openbis.generic.client.web.client.IClientService;
 import ch.systemsx.cisd.openbis.generic.shared.basic.annotation.DoNotEscape;
-import ch.systemsx.cisd.openbis.generic.shared.basic.annotation.Unescape;
 
 /**
  * The advisor for automatically escaping HTML strings in the values returned by implementations of
@@ -132,14 +130,12 @@ public class StringHtmlEscapingPointcutAdvisor extends DefaultPointcutAdvisor
                     + originalResult);
             if (originalResult instanceof String)
             {
-                if (methodInvocation.getMethod().isAnnotationPresent(Unescape.class))
-                {
-                    result = StringEscapeUtils.unescapeHtml((String) originalResult);
-                } else
-                {
-                    // TODO 2010-11-15, CR: Do we need to escape strings in general?
-                    // StringEscapeUtils.escapeHtml((String) unescapedResult);
-                }
+                // TODO 2010-11-15, CR: Do we need to escape strings in general?
+                // need to handle prepareExport then, e.g.:
+                // if (methodInvocation.getMethod().isAnnotationPresent(DoNotEscape.class) == false)
+                // {
+                // result = StringEscapeUtils.escapeHtml((String) originalResult);
+                // }
             } else
             {
                 // Escape the result objects
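Review bot: The `String` branch is now an empty block holding only commented-out code, so every `String` returned by a client service method passes through this advisor unescaped, and a reader has to work that out from a TODO. Any such string that the client renders as HTML carries whatever markup the stored value contains. I would replace the commented-out statements with one sentence of intent, e.g. `// String results are returned as-is; escaping them would need a DoNotEscape exception for the export methods (TODO 2010-11-15, CR)`. If the sketch is ever re-enabled, `!isAnnotationPresent(DoNotEscape.class)` reads better than `== false`. The enclosing method starts and ends outside the hunk.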
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/resultset/CachedResultSetManager.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/resultset/CachedResultSetManager.java
index b10ca83610a..fbc4b215c4f 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/resultset/CachedResultSetManager.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/resultset/CachedResultSetManager.java
@@ -36,7 +36,6 @@ import ch.rinn.restrictions.Private;
 import ch.systemsx.cisd.common.logging.LogCategory;
 import ch.systemsx.cisd.common.logging.LogFactory;
 import ch.systemsx.cisd.common.shared.basic.AlternativesStringFilter;
-import ch.systemsx.cisd.common.utilities.ReflectingStringEscaper;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.ColumnDistinctValues;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.CustomFilterInfo;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.GridColumnFilterInfo;
@@ -689,9 +688,6 @@ public final class CachedResultSetManager<K> implements IResultSetManager<K>, Se
         List<TableModelColumnHeader> headers = dataProvider.getHeaders();
         TableData<T> tableData =
                 new TableData<T>(rows, headers, customColumnsProvider, columnCalculator);
-
-        ReflectingStringEscaper.escapeDeep(rows);
-        // transformation is performed after escaping not to escape transformed values
         xmlPropertyTransformer.transformXMLProperties(rows);
 
         addToCache(dataKey, tableData);
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/ResultSetTranslator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/ResultSetTranslator.java
index 0678f5f15a3..2c79db26830 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/ResultSetTranslator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/ResultSetTranslator.java
@@ -16,6 +16,8 @@
 
 package ch.systemsx.cisd.openbis.generic.client.web.server.translator;
 
+import ch.systemsx.cisd.common.utilities.ReflectingStringEscaper;
+import ch.systemsx.cisd.openbis.generic.client.web.client.dto.GridRowModels;
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.ResultSet;
 import ch.systemsx.cisd.openbis.generic.client.web.server.resultset.IResultSet;
 
@@ -26,15 +28,24 @@ import ch.systemsx.cisd.openbis.generic.client.web.server.resultset.IResultSet;
  */
 public final class ResultSetTranslator
 {
+    public enum Escape
+    {
+        YES, NO
+    }
+
     private ResultSetTranslator()
     {
         // Can not be instantiated.
     }
 
-    public final static <K, T> ResultSet<T> translate(final IResultSet<String, T> result)
+    public final static <K, T> ResultSet<T> translate(final IResultSet<String, T> result,
+            Escape escape)
     {
         final ResultSet<T> resultSet = new ResultSet<T>();
-        resultSet.setList(result.getList());
+        final GridRowModels<T> resultSetList =
+                escape == Escape.YES ? ReflectingStringEscaper.escapeDeepWithCopy(result.getList())
+                        : result.getList();
+        resultSet.setList(resultSetList);
         resultSet.setTotalLength(result.getTotalLength());
         resultSet.setResultSetKey(result.getResultSetKey());
         return resultSet;
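Review bot: `translate` escapes only when `escape == Escape.YES`, so a `null` argument falls through to the unescaped branch and returns raw values instead of failing; I would reject it up front with `if (escape == null) throw new IllegalArgumentException("escape must be specified");`. The two branches also differ in aliasing: `Escape.YES` returns the copy made by `escapeDeepWithCopy`, while `Escape.NO` hands out `result.getList()` itself, which looks like the cached list, and that belongs in Javadoc on `Escape` and on `translate`. The CachedResultSetManager hunk deletes the comment "transformation is performed after escaping not to escape transformed values"; escaping now runs after `transformXMLProperties`, so transformed values may end up escaped unless `escapeDeepWithCopy` skips them, which is not visible here. The method's closing brace lies outside the hunk.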
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/annotation/Unescape.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/annotation/Unescape.java
deleted file mode 100644
index 7abb92071e2..00000000000
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/annotation/Unescape.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2007 ETH Zuerich, CISD
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package ch.systemsx.cisd.openbis.generic.shared.basic.annotation;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * An annotation for marking a method on client service interface that should have its return value
- * unescaped.
- * 
- * @author Piotr Buczek
- */
-@Retention(RetentionPolicy.RUNTIME)
-@Target(ElementType.METHOD)
-@Inherited
-public @interface Unescape
-{
-}
-- 
GitLab