src/main/java/com/gitblit/wicket/SafeTextModel.java - gitblit - Git at Google

 package com.gitblit.wicket;

 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.Model;
 import org.apache.wicket.util.lang.Objects;
 import org.parboiled.common.StringUtils;
 import org.slf4j.LoggerFactory;

 public class SafeTextModel implements IModel<String> {

 	private static final long serialVersionUID = 1L;

 	public enum Mode {
 		relaxed, none
 	}

 	private final Mode mode;

 	private String value;

 	public static SafeTextModel none() {
 		return new SafeTextModel(Mode.none);
 	}

 	public static SafeTextModel none(String value) {
 		return new SafeTextModel(value, Mode.none);
 	}

 	public static SafeTextModel relaxed() {
 		return new SafeTextModel(Mode.relaxed);
 	}

 	public static SafeTextModel relaxed(String value) {
 		return new SafeTextModel(value, Mode.relaxed);
 	}

 	public SafeTextModel(Mode mode) {
 		this.mode = mode;
 	}

 	public SafeTextModel(String value, Mode mode) {
 		this.value = value;
 		this.mode = mode;
 	}

 	@Override
 	public void detach() {
 	}

 	@Override
 	public String getObject() {
 		if (StringUtils.isEmpty(value)) {
 			return value;
 		}
 		String safeValue;
 		switch (mode) {
 		case none:
 			safeValue = GitBlitWebApp.get().xssFilter().none(value);
 			break;
 		default:
 			safeValue = GitBlitWebApp.get().xssFilter().relaxed(value);
 			break;
 		}
 		if (!value.equals(safeValue)) {
 			LoggerFactory.getLogger(getClass()).warn("XSS filter trigggered on suspicious form field value {}",
 					value);
 		}
 		return safeValue;
 	}

 	@Override
 	public void setObject(String input) {
 		this.value = input;
 	}

 	@Override
 	public int hashCode()
 	{
 		return Objects.hashCode(value);
 	}

 	@Override
 	public boolean equals(Object obj)
 	{
 		if (this == obj)
 		{
 			return true;
 		}
 		if (!(obj instanceof Model<?>))
 		{
 			return false;
 		}
 		Model<?> that = (Model<?>)obj;
 		return Objects.equal(value, that.getObject());
 	}
 }
	package com.gitblit.wicket;

	import org.apache.wicket.model.IModel;
	import org.apache.wicket.model.Model;
	import org.apache.wicket.util.lang.Objects;
	import org.parboiled.common.StringUtils;
	import org.slf4j.LoggerFactory;

	public class SafeTextModel implements IModel<String> {

	private static final long serialVersionUID = 1L;

	public enum Mode {
	relaxed, none
	}

	private final Mode mode;

	private String value;

	public static SafeTextModel none() {
	return new SafeTextModel(Mode.none);
	}

	public static SafeTextModel none(String value) {
	return new SafeTextModel(value, Mode.none);
	}

	public static SafeTextModel relaxed() {
	return new SafeTextModel(Mode.relaxed);
	}

	public static SafeTextModel relaxed(String value) {
	return new SafeTextModel(value, Mode.relaxed);
	}

	public SafeTextModel(Mode mode) {
	this.mode = mode;
	}

	public SafeTextModel(String value, Mode mode) {
	this.value = value;
	this.mode = mode;
	}

	@Override
	public void detach() {
	}

	@Override
	public String getObject() {
	if (StringUtils.isEmpty(value)) {
	return value;
	}
	String safeValue;
	switch (mode) {
	case none:
	safeValue = GitBlitWebApp.get().xssFilter().none(value);
	break;
	default:
	safeValue = GitBlitWebApp.get().xssFilter().relaxed(value);
	break;
	}
	if (!value.equals(safeValue)) {
	LoggerFactory.getLogger(getClass()).warn("XSS filter trigggered on suspicious form field value {}",
	value);
	}
	return safeValue;
	}

	@Override
	public void setObject(String input) {
	this.value = input;
	}

	@Override
	public int hashCode()
	{
	return Objects.hashCode(value);
	}

	@Override
	public boolean equals(Object obj)
	{
	if (this == obj)
	{
	return true;
	}
	if (!(obj instanceof Model<?>))
	{
	return false;
	}
	Model<?> that = (Model<?>)obj;
	return Objects.equal(value, that.getObject());
	}
	}