[icedtea-web] RFE: Patch to fix character escape handling for the plugin
Deepak Bhole
dbhole at redhat.com
Wed Dec 8 12:27:58 PST 2010
This patch fixes bug# 597:
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=597
The issue is that the parser cannot handle a quote in a param value as it uses
quotes for delimiters. The solution is to encode the quote, and decode it after
the parser has distinguished the identifiers (currently decoding is done before
parsing since the original intent to encode was to just pass data over the FIFO
pipe).
ChangeLog:
2010-12-08 Deepak Bhole <dbhole at redhat.com>
* plugin/icedteanp/IcedTeaNPPlugin.cc
(encode_string): New function. Takes a string and replaces certain special
characters with html escapes.
(plugin_create_applet_tag): Use the new encode_string function to encode
argn and argv right away, rather than encoding the whole tag.
* plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
(handleMessage): Move decoding out so that it is done after parsing.
(decodeString): New function. Decodes the given string such that html
escapes are replaced by the original special characters.
(scanTag): Decode parameter name and value before adding it to attribute
array.
Comments?
Cheers,
Deepak
-------------- next part --------------
diff -r 964617719f05 plugin/icedteanp/IcedTeaNPPlugin.cc
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc Wed Dec 08 14:06:22 2010 -0500
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc Wed Dec 08 15:23:49 2010 -0500
@@ -1617,6 +1617,56 @@
return error;
}
+/*
+ * Replaces certain characters (\r, \n, etc) with HTML escape equivalents.
+ *
+ * Return string is allocated on the heap. Caller assumes responsibility
+ * for freeing the memory via g_free()
+ */
+static char*
+encode_string(char* to_encode)
+{
+
+ // Do nothing for an empty string
+ if (to_encode == '\0')
+ return to_encode;
+
+ // worst case scenario -> all characters are newlines or
+ // returns, each of which translates to 5 substitutions
+ char* encoded = (char*) calloc(((strlen(to_encode)*5)+1), sizeof(char));
+
+ strcpy(encoded, "");
+
+ for (int i=0; i < strlen(to_encode); i++)
+ {
+ if (to_encode[i] == '\r')
+ encoded = strcat(encoded, " ");
+ else if (to_encode[i] == '\n')
+ encoded = strcat(encoded, " ");
+ else if (to_encode[i] == '>')
+ encoded = strcat(encoded, ">");
+ else if (to_encode[i] == '<')
+ encoded = strcat(encoded, "<");
+ else if (to_encode[i] == '&')
+ encoded = strcat(encoded, "&");
+ else if (to_encode[i] == '"')
+ encoded = strcat(encoded, """);
+ else
+ {
+ char* orig_char = (char*) calloc(2, sizeof(char));
+ orig_char[0] = to_encode[i];
+ orig_char[1] = '\0';
+
+ strcat(encoded, orig_char);
+
+ free(orig_char);
+ orig_char = NULL;
+ }
+ }
+
+ return encoded;
+}
+
// Build up the applet tag string that we'll send to the applet
// viewer.
static gchar*
@@ -1629,65 +1679,68 @@
for (int16_t i = 0; i < argc; i++)
{
- if (!g_ascii_strcasecmp (argn[i], "code"))
+ gchar* argn_escaped = encode_string(argn[i]);
+ gchar* argv_escaped = encode_string(argv[i]);
+
+ if (!g_ascii_strcasecmp (argn_escaped, "code"))
{
- gchar* code = g_strdup_printf ("CODE=\"%s\" ", argv[i]);
+ gchar* code = g_strdup_printf ("CODE=\"%s\" ", argv_escaped);
applet_tag = g_strconcat (applet_tag, code, NULL);
g_free (code);
code = NULL;
}
- else if (!g_ascii_strcasecmp (argn[i], "java_code"))
+ else if (!g_ascii_strcasecmp (argn_escaped, "java_code"))
{
- gchar* java_code = g_strdup_printf ("JAVA_CODE=\"%s\" ", argv[i]);
+ gchar* java_code = g_strdup_printf ("JAVA_CODE=\"%s\" ", argv_escaped);
applet_tag = g_strconcat (applet_tag, java_code, NULL);
g_free (java_code);
java_code = NULL;
}
- else if (!g_ascii_strcasecmp (argn[i], "codebase"))
+ else if (!g_ascii_strcasecmp (argn_escaped, "codebase"))
{
- gchar* codebase = g_strdup_printf ("CODEBASE=\"%s\" ", argv[i]);
+ gchar* codebase = g_strdup_printf ("CODEBASE=\"%s\" ", argv_escaped);
applet_tag = g_strconcat (applet_tag, codebase, NULL);
g_free (codebase);
codebase = NULL;
}
- else if (!g_ascii_strcasecmp (argn[i], "java_codebase"))
+ else if (!g_ascii_strcasecmp (argn_escaped, "java_codebase"))
{
- gchar* java_codebase = g_strdup_printf ("JAVA_CODEBASE=\"%s\" ", argv[i]);
+ gchar* java_codebase = g_strdup_printf ("JAVA_CODEBASE=\"%s\" ", argv_escaped);
applet_tag = g_strconcat (applet_tag, java_codebase, NULL);
g_free (java_codebase);
java_codebase = NULL;
}
- else if (!g_ascii_strcasecmp (argn[i], "classid"))
+ else if (!g_ascii_strcasecmp (argn_escaped, "classid"))
{
- gchar* classid = g_strdup_printf ("CLASSID=\"%s\" ", argv[i]);
+ gchar* classid = g_strdup_printf ("CLASSID=\"%s\" ", argv_escaped);
applet_tag = g_strconcat (applet_tag, classid, NULL);
g_free (classid);
classid = NULL;
}
- else if (!g_ascii_strcasecmp (argn[i], "archive"))
+ else if (!g_ascii_strcasecmp (argn_escaped, "archive"))
{
- gchar* archive = g_strdup_printf ("ARCHIVE=\"%s\" ", argv[i]);
+ gchar* archive = g_strdup_printf ("ARCHIVE=\"%s\" ", argv_escaped);
applet_tag = g_strconcat (applet_tag, archive, NULL);
g_free (archive);
archive = NULL;
}
- else if (!g_ascii_strcasecmp (argn[i], "java_archive"))
+ else if (!g_ascii_strcasecmp (argn_escaped, "java_archive"))
{
- gchar* java_archive = g_strdup_printf ("JAVA_ARCHIVE=\"%s\" ", argv[i]);
+ gchar* java_archive = g_strdup_printf ("JAVA_ARCHIVE=\"%s\" ", argv_escaped);
applet_tag = g_strconcat (applet_tag, java_archive, NULL);
g_free (java_archive);
java_archive = NULL;
}
- else if (!g_ascii_strcasecmp (argn[i], "width"))
+ else if (!g_ascii_strcasecmp (argn_escaped, "width"))
{
- gchar* width = g_strdup_printf ("width=\"%s\" ", argv[i]);
+ gchar* width = g_strdup_printf ("width=\"%s\" ", argv_escaped);
applet_tag = g_strconcat (applet_tag, width, NULL);
g_free (width);
width = NULL;
}
- else if (!g_ascii_strcasecmp (argn[i], "height"))
+ else if (!g_ascii_strcasecmp (argn_escaped, "height"))
{
- gchar* height = g_strdup_printf ("height=\"%s\" ", argv[i]);
+ gchar* height = g_strdup_printf ("height=\"%s\" ", argv_escaped);
applet_tag = g_strconcat (applet_tag, height, NULL);
g_free (height);
height = NULL;
@@ -1695,58 +1748,28 @@
else
{
- if (argv[i] != '\0')
+ if (argv_escaped != '\0')
{
- parameters = g_strconcat (parameters, "<PARAM NAME=\"", argn[i],
- "\" VALUE=\"", argv[i], "\">", NULL);
+ parameters = g_strconcat (parameters, "<PARAM NAME=\"", argn_escaped,
+ "\" VALUE=\"", argv_escaped, "\">", NULL);
}
}
+
+ free(argn_escaped);
+ free(argv_escaped);
+
+ argn_escaped = NULL;
+ argv_escaped = NULL;
}
applet_tag = g_strconcat (applet_tag, ">", parameters, "</EMBED>", NULL);
- // Escape the parameter value so that line termination
- // characters will pass through the pipe.
-
- // worst case scenario -> all characters are newlines or
- // returns, each of which translates to 5 substitutions
- char* applet_tag_escaped = (char*) calloc(((strlen(applet_tag)*5)+1), sizeof(char));
-
- strcpy(applet_tag_escaped, "");
- for (int i=0; i < strlen(applet_tag); i++)
- {
- if (applet_tag[i] == '\r')
- strcat(applet_tag_escaped, " ");
- else if (applet_tag[i] == '\n')
- strcat(applet_tag_escaped, " ");
- else if (applet_tag[i] == '>')
- strcat(applet_tag_escaped, ">");
- else if (applet_tag[i] == '<')
- strcat(applet_tag_escaped, "<");
- else if (applet_tag[i] == '&')
- strcat(applet_tag_escaped, "&");
- else
- {
- char* orig_char = (char*) calloc(2, sizeof(char));
- orig_char[0] = applet_tag[i];
- orig_char[1] = '\0';
-
- strcat(applet_tag_escaped, orig_char);
-
- free(orig_char);
- orig_char = NULL;
- }
- }
-
- free (applet_tag);
- applet_tag = NULL;
-
g_free (parameters);
parameters = NULL;
PLUGIN_DEBUG ("plugin_create_applet_tag return\n");
- return applet_tag_escaped;
+ return applet_tag;
}
// plugin_send_message_to_appletviewer must be called while holding
diff -r 964617719f05 plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
--- a/plugin/icedteanp/java/sun/applet/PluginAppletViewer.java Wed Dec 08 14:06:22 2010 -0500
+++ b/plugin/icedteanp/java/sun/applet/PluginAppletViewer.java Wed Dec 08 15:23:49 2010 -0500
@@ -514,14 +514,6 @@
UrlUtil.decode(message.substring("tag".length() + 1, spaceLocation));
String tag = message.substring(spaceLocation + 1);
- // Decode the tag
- tag = tag.replace(">", ">");
- tag = tag.replace("<", "<");
- tag = tag.replace("&", "&");
- tag = tag.replace(" ", "\n");
- tag = tag.replace(" ", "\r");
- tag = tag.replace(""", "\"");
-
PluginDebug.debug("Handle = " + handle + "\n" +
"Width = " + width + "\n" +
"Height = " + height + "\n" +
@@ -1454,6 +1446,24 @@
}
/**
+ * Decodes the string (converts html escapes into proper characters)
+ *
+ * @param toDecode The string to decode
+ * @return The decoded string
+ */
+ public static String decodeString(String toDecode) {
+
+ toDecode = toDecode.replace(">", ">");
+ toDecode = toDecode.replace("<", "<");
+ toDecode = toDecode.replace("&", "&");
+ toDecode = toDecode.replace(" ", "\n");
+ toDecode = toDecode.replace(" ", "\r");
+ toDecode = toDecode.replace(""", "\"");
+
+ return toDecode;
+ }
+
+ /**
* System parameters.
*/
static Hashtable<String, String> systemParam = new Hashtable<String, String>();
@@ -1752,7 +1762,7 @@
Hashtable<String, String> atts = new Hashtable<String, String>();
skipSpace(c, in);
while (c[0] >= 0 && c[0] != '>') {
- String att = scanIdentifier(c, in);
+ String att = decodeString(scanIdentifier(c, in));
String val = "";
skipSpace(c, in);
if (c[0] == '=') {
@@ -1775,7 +1785,7 @@
c[0] = in.read();
}
skipSpace(c, in);
- val = buf.toString();
+ val = decodeString(buf.toString());
}
PluginDebug.debug("PUT " + att + " = '" + val + "'");
More information about the distro-pkg-dev
mailing list