diff --git a/src/main/java/org/gcube/portlets/user/socialprofile/client/ui/DisplaySummary.java b/src/main/java/org/gcube/portlets/user/socialprofile/client/ui/DisplaySummary.java
index 5fb63e3..2202fa1 100644
--- a/src/main/java/org/gcube/portlets/user/socialprofile/client/ui/DisplaySummary.java
+++ b/src/main/java/org/gcube/portlets/user/socialprofile/client/ui/DisplaySummary.java
@@ -46,7 +46,10 @@ public class DisplaySummary extends Composite {
*/
public void setSummary(String summaryText){
summary.setHTML(summaryText);
- summaryEditingArea.setText(summaryText);
+
+ // convert back to text
+ String text = fromEscapedHTMLToString(summaryText);
+ summaryEditingArea.setText(text);
}
/**
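Review bot: `setSummary` passes `summaryText` to `summary.setHTML(...)` unchanged, so every caller has to supply HTML the server has already escaped, and the Javadoc (which begins above this hunk) should say so. This matters more after this commit, because `saveProfessionalBackground` in SocialServiceImpl.java now stores the raw client string; a caller passing the stored value straight through would have it rendered as markup. Suggested Javadoc line: `@param summaryText escaped HTML as returned by the server; never the raw stored summary`. Taking `SafeHtml` instead of `String` would let the compiler enforce the same contract.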
@@ -76,7 +79,7 @@ public class DisplaySummary extends Composite {
// save the new sanitizedHtml html as summary
if(result != null){
- summary.setHTML(result);
+ setSummary(result);
summary.setVisible(true);
summaryEditingArea.setVisible(false);
saveSummary.setVisible(false);
@@ -119,15 +122,28 @@ public class DisplaySummary extends Composite {
// enable save button
saveSummary.setEnabled(true);
}
-
+
@UiHandler("cancelEditSummary")
void onCancelClick(ClickEvent e){
-
+
// reset changes and exit
- summaryEditingArea.setText(summary.getText());
summary.setVisible(true);
summaryEditingArea.setVisible(false);
saveSummary.setVisible(false);
cancelEditSummary.setVisible(false);
}
+
+ /**
+ * Convert back escaped html to text
+ * @param htmlEscaped
+ * @return
+ */
+ private static String fromEscapedHTMLToString(String htmlEscaped){
+ String descWithoutHTML = htmlEscaped;
+ descWithoutHTML = descWithoutHTML.replaceAll(" "," ");
+ descWithoutHTML = descWithoutHTML.replaceAll("
","\r\n");
+ descWithoutHTML = descWithoutHTML.replaceAll("<","<").replaceAll(">",">");
+ descWithoutHTML = descWithoutHTML.replaceAll("&","&");
+ return descWithoutHTML;
+ }
}
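Review bot: `onCancelClick` keeps the comment `// reset changes and exit`, but the only line that reset the text area was removed, so discarded edits appear to stay in `summaryEditingArea` unless the edit handler outside this hunk repopulates it. If it does not, restore the reset from a field holding the last text passed to `setSummary`. Separately, `fromEscapedHTMLToString` dereferences `htmlEscaped` without a null check and uses `replaceAll`, which treats each pattern as a regex; `if (htmlEscaped == null) return "";` plus `String.replace` is safer for literal tokens. The entity literals in these calls look decoded by the page rendering, so the exact patterns cannot be checked here; the `&` replacement must stay last so an entity is never decoded twice.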
diff --git a/src/main/java/org/gcube/portlets/user/socialprofile/server/SocialServiceImpl.java b/src/main/java/org/gcube/portlets/user/socialprofile/server/SocialServiceImpl.java
index 8ab68f9..543286e 100644
--- a/src/main/java/org/gcube/portlets/user/socialprofile/server/SocialServiceImpl.java
+++ b/src/main/java/org/gcube/portlets/user/socialprofile/server/SocialServiceImpl.java
@@ -4,8 +4,6 @@ import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
import java.io.InputStream;
-import java.net.MalformedURLException;
-import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
@@ -126,20 +124,20 @@ public class SocialServiceImpl extends RemoteServiceServlet implements SocialSer
@Override
public String saveProfessionalBackground(String summary) {
// parse (html sanitize)
- String toSave = escapeHtmlAndTransformUrl(summary);
+ String toReturn = transformSummary(summary);
if(isWithinPortal()){
UserManager um = new LiferayUserManager();
ASLSession session = getASLSession();
try{
GCubeUser user = um.getUserByUsername(session.getUsername());
- um.setUserProfessionalBackground(user.getUserId(), toSave);
- return toSave; // sanitized
+ um.setUserProfessionalBackground(user.getUserId(), summary); // save as it is
+ return toReturn; // sanitized
}catch(Exception e){
_log.error("Unable to save the professional background " + summary + " for user " + session.getUsername());
return null;
}
}else
- return toSave; // development mode
+ return toReturn; // development mode
}
private UserContext getUserProfile(String username) {
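Review bot: `um.setUserProfessionalBackground(user.getUserId(), summary)` now persists the raw client string while only the returned `toReturn` is sanitized, so the stored value is no longer safe to place in HTML. Every read path that returns the professional background to a client rendering it with `setHTML` has to apply `transformSummary` or equivalent output escaping; none is visible in this diff, so that needs confirming. The comment `// parse (html sanitize)` would be clearer as `// escaped copy for display; the raw text is what gets stored`. The catch block also logs the whole summary and drops the exception; assuming the logger has a (message, throwable) overload, prefer `_log.error("Unable to save the professional background for user " + session.getUsername(), e);`.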
@@ -578,79 +576,4 @@ public class SocialServiceImpl extends RemoteServiceServlet implements SocialSer
return html.replaceAll("&", "&").replaceAll("<", "<")
.replaceAll(">", ">");
}
-
- /**
- * Escape an html string. Escaping data received from the client helps to
- * prevent cross-site script vulnerabilities.
- *
- * @param html the html string to escape
- * @return the escaped string
- */
- private static String escapeHtmlAndTransformUrl(String html) {
- if (html == null) {
- return null;
- }
- String toReturn = html.replaceAll("&", "&").replaceAll("<", "<")
- .replaceAll(">", ">");
-
- // replace all the line breaks by
- toReturn = toReturn.replaceAll("(\r\n|\n)","
");
- //transfrom the URL in a clickable URL
- toReturn = transformUrls(toReturn);
- // then replace all the double spaces by the html version
- toReturn = toReturn.replaceAll("\\s\\s"," ");
- return toReturn;
- }
-
- /**
- * utility method that convert a url ina text in a clickable url by the browser
- * and if the user has just pasted a link, converts the link in: shared a link
- * @param feedText
- * @return the text with the clickable url in it
- */
- protected static String transformUrls(String feedText) {
- StringBuilder sb = new StringBuilder();
- // separate input by spaces ( URLs have no spaces )
- String [] parts = feedText.split("\\s");
- // Attempt to convert each item into an URL.
- for (int i = 0; i < parts.length; i++) {
- String toCheck = getHttpToken(parts[i]);
- if (toCheck != null) {
- try {
- URL url = new URL(toCheck);
- if (i == 0 && parts.length == 1) //then he shared just a link
- return sb.append("shared ").append("a link.").append(" ").toString();
- // If possible then replace with anchor...
- sb.append("").append(url).append(" ");
- } catch (MalformedURLException e) {
- // If there was an URL then it's not valid
- _log.error("MalformedURLException returning... ");
- return feedText;
- }
- } else {
- sb.append(parts[i]);
- sb.append(" ");
- }
- }
- return sb.toString();
- }
-
- /**
- * check the tokens of a pasted text and see if there's any http link in it
- * @param item a text token
- * @return the actual http link
- */
- private static String getHttpToken(String item) {
- if (item.startsWith("http") || item.startsWith("www") || item.startsWith("(www") || item.startsWith("(http")) {
- if (item.startsWith("("))
- item = item.substring(1, item.length());
- if (item.endsWith(".") || item.endsWith(")")) { //sometimes people write the url and close the phrase with a .
- item = item.substring(0, item.length()-1);
- }
- item = item.startsWith("www") ? "http://"+item : item;
- System.out.println("getHttpToken returns -> " + item);
- return item;
- }
- return null;
- }
}