Adding anti XSS NIHVIVO-3379
This commit is contained in:
briancaruso
parent
2700e0a638
commit
999cd8a9b6
11 changed files with 52 additions and 20 deletions
|
|
@ -48,6 +48,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.Field;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators.AddAuthorsToInformationResourceGenerator.AuthorshipInfo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators.AddAuthorsToInformationResourceGenerator.AuthorshipInfo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.AddAssociatedConceptsPreprocessor;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.AddAssociatedConceptsPreprocessor;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.RoleToActivityPredicatePreprocessor;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.RoleToActivityPredicatePreprocessor;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.processEdit.RdfLiteralHash;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.processEdit.RdfLiteralHash;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditN3GeneratorVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditN3GeneratorVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.SelectListGeneratorVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.SelectListGeneratorVTwo;
|
||||||
|
|
@ -129,6 +130,9 @@ public class AddAssociatedConceptGenerator extends VivoBaseGenerator implements
|
||||||
//Adding term should return to this same page, not the subject
|
//Adding term should return to this same page, not the subject
|
||||||
//Return takes the page back to the individual form
|
//Return takes the page back to the individual form
|
||||||
editConfiguration.setUrlPatternToReturnTo(EditConfigurationUtils.getFormUrlWithoutContext(vreq));
|
editConfiguration.setUrlPatternToReturnTo(EditConfigurationUtils.getFormUrlWithoutContext(vreq));
|
||||||
|
|
||||||
|
editConfiguration.addValidator(new AntiXssValidation());
|
||||||
|
|
||||||
//prepare
|
//prepare
|
||||||
prepare(vreq, editConfiguration);
|
prepare(vreq, editConfiguration);
|
||||||
return editConfiguration;
|
return editConfiguration;
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeIntervalVali
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUtils;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUtils;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This is a slightly unusual generator that is used by Manage Authors on
|
* This is a slightly unusual generator that is used by Manage Authors on
|
||||||
|
|
@ -77,6 +78,8 @@ public class AddAuthorsToInformationResourceGenerator extends VivoBaseGenerator
|
||||||
//Adding additional data, specifically edit mode
|
//Adding additional data, specifically edit mode
|
||||||
addFormSpecificData(editConfiguration, vreq);
|
addFormSpecificData(editConfiguration, vreq);
|
||||||
|
|
||||||
|
editConfiguration.addValidator(new AntiXssValidation());
|
||||||
|
|
||||||
//NOITCE this generator does not run prepare() since it
|
//NOITCE this generator does not run prepare() since it
|
||||||
//is never an update and has no SPARQL for existing
|
//is never an update and has no SPARQL for existing
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,7 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.QueryUtils;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUtils;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUtils;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||||
/**
|
/**
|
||||||
|
|
||||||
Custom form for adding or editing a webpage associated with an individual. The primary page,
|
Custom form for adding or editing a webpage associated with an individual. The primary page,
|
||||||
|
|
@ -90,6 +91,8 @@ public class AddEditWebpageFormGenerator extends BaseEditConfigurationGenerator
|
||||||
EditConfigurationUtils.getSubjectUri(vreq), vreq )
|
EditConfigurationUtils.getSubjectUri(vreq), vreq )
|
||||||
+ 1 );
|
+ 1 );
|
||||||
|
|
||||||
|
config.addValidator(new AntiXssValidation());
|
||||||
|
|
||||||
//might be null
|
//might be null
|
||||||
config.addFormSpecificData("subjectName", getName( config, vreq));
|
config.addFormSpecificData("subjectName", getName( config, vreq));
|
||||||
prepare(vreq, config);
|
prepare(vreq, config);
|
||||||
|
|
|
||||||
|
|
@ -30,6 +30,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUti
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditN3GeneratorVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditN3GeneratorVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||||
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils;
|
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils;
|
||||||
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
||||||
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
||||||
|
|
@ -104,8 +105,11 @@ public class AddGrantRoleToPersonGenerator implements EditConfigurationGenerator
|
||||||
setTemplate(editConfiguration, vreq);
|
setTemplate(editConfiguration, vreq);
|
||||||
//Set edit key
|
//Set edit key
|
||||||
setEditKey(editConfiguration, vreq);
|
setEditKey(editConfiguration, vreq);
|
||||||
//Add validator
|
|
||||||
|
//Add validators
|
||||||
editConfiguration.addValidator(new DateTimeIntervalValidationVTwo("startField","endField") );
|
editConfiguration.addValidator(new DateTimeIntervalValidationVTwo("startField","endField") );
|
||||||
|
editConfiguration.addValidator(new AntiXssValidation());
|
||||||
|
|
||||||
//no preprocessors required here
|
//no preprocessors required here
|
||||||
//Adding additional data, specifically edit mode
|
//Adding additional data, specifically edit mode
|
||||||
addFormSpecificData(editConfiguration, vreq);
|
addFormSpecificData(editConfiguration, vreq);
|
||||||
|
|
|
||||||
|
|
@ -32,6 +32,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUti
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.RoleToActivityPredicatePreprocessor;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.RoleToActivityPredicatePreprocessor;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||||
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
||||||
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
||||||
/**
|
/**
|
||||||
|
|
@ -164,10 +165,13 @@ public abstract class AddRoleToPersonTwoStageGenerator extends BaseEditConfigura
|
||||||
|
|
||||||
//Add validator
|
//Add validator
|
||||||
editConfiguration.addValidator(new DateTimeIntervalValidationVTwo("startField","endField") );
|
editConfiguration.addValidator(new DateTimeIntervalValidationVTwo("startField","endField") );
|
||||||
|
editConfiguration.addValidator(new AntiXssValidation());
|
||||||
|
|
||||||
//Add preprocessors
|
//Add preprocessors
|
||||||
addPreprocessors(editConfiguration, vreq.getWebappDaoFactory());
|
addPreprocessors(editConfiguration, vreq.getWebappDaoFactory());
|
||||||
//Adding additional data, specifically edit mode
|
//Adding additional data, specifically edit mode
|
||||||
addFormSpecificData(editConfiguration, vreq);
|
addFormSpecificData(editConfiguration, vreq);
|
||||||
|
|
||||||
//prepare
|
//prepare
|
||||||
prepare(vreq, editConfiguration);
|
prepare(vreq, editConfiguration);
|
||||||
return editConfiguration;
|
return editConfiguration;
|
||||||
|
|
|
||||||
|
|
@ -42,6 +42,7 @@ import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.Field;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.Field;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.RoleToActivityPredicatePreprocessor;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.RoleToActivityPredicatePreprocessor;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.processEdit.RdfLiteralHash;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.processEdit.RdfLiteralHash;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditN3GeneratorVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditN3GeneratorVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.SelectListGeneratorVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.SelectListGeneratorVTwo;
|
||||||
|
|
@ -109,7 +110,9 @@ public class AddUserDefinedConceptGenerator extends VivoBaseGenerator implement
|
||||||
|
|
||||||
|
|
||||||
setTemplate(editConfiguration, vreq);
|
setTemplate(editConfiguration, vreq);
|
||||||
//No validators required here
|
|
||||||
|
editConfiguration.addValidator(new AntiXssValidation());
|
||||||
|
|
||||||
//Add preprocessors
|
//Add preprocessors
|
||||||
addPreprocessors(editConfiguration, vreq.getWebappDaoFactory());
|
addPreprocessors(editConfiguration, vreq.getWebappDaoFactory());
|
||||||
//Adding additional data, specifically edit mode
|
//Adding additional data, specifically edit mode
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUti
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.FoafNameToRdfsLabelPreprocessor;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.FoafNameToRdfsLabelPreprocessor;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Generates the edit configuration for a default property form.
|
* Generates the edit configuration for a default property form.
|
||||||
|
|
@ -69,6 +70,8 @@ public class NewIndividualFormGenerator extends BaseEditConfigurationGenerator i
|
||||||
|
|
||||||
addFormSpecificData(config, vreq);
|
addFormSpecificData(config, vreq);
|
||||||
|
|
||||||
|
config.addValidator(new AntiXssValidation());
|
||||||
|
|
||||||
//This combines the first and last name into the rdfs:label
|
//This combines the first and last name into the rdfs:label
|
||||||
config.addModelChangePreprocessor(new FoafNameToRdfsLabelPreprocessor());
|
config.addModelChangePreprocessor(new FoafNameToRdfsLabelPreprocessor());
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeIntervalVali
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeWithPrecisionVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeWithPrecisionVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||||
|
|
||||||
public class OrganizationHasPositionHistoryGenerator extends VivoBaseGenerator
|
public class OrganizationHasPositionHistoryGenerator extends VivoBaseGenerator
|
||||||
implements EditConfigurationGenerator {
|
implements EditConfigurationGenerator {
|
||||||
|
|
@ -220,8 +221,10 @@ public class OrganizationHasPositionHistoryGenerator extends VivoBaseGenerator
|
||||||
conf.addField(endField.setEditElement(new DateTimeWithPrecisionVTwo(
|
conf.addField(endField.setEditElement(new DateTimeWithPrecisionVTwo(
|
||||||
endField, URI_PRECISION_YEAR, URI_PRECISION_NONE)));
|
endField, URI_PRECISION_YEAR, URI_PRECISION_NONE)));
|
||||||
|
|
||||||
|
conf.addValidator(new AntiXssValidation());
|
||||||
conf.addValidator(new DateTimeIntervalValidationVTwo("startField",
|
conf.addValidator(new DateTimeIntervalValidationVTwo("startField",
|
||||||
"endField"));
|
"endField"));
|
||||||
|
|
||||||
prepare(vreq, conf);
|
prepare(vreq, conf);
|
||||||
return conf;
|
return conf;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeIntervalVali
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeWithPrecisionVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeWithPrecisionVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||||
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
||||||
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
||||||
|
|
||||||
|
|
@ -177,6 +178,8 @@ public class PersonHasEducationalTraining extends VivoBaseGenerator implements
|
||||||
VitroVocabulary.Precision.NONE.uri())));
|
VitroVocabulary.Precision.NONE.uri())));
|
||||||
//Add validator
|
//Add validator
|
||||||
conf.addValidator(new DateTimeIntervalValidationVTwo("startField","endField"));
|
conf.addValidator(new DateTimeIntervalValidationVTwo("startField","endField"));
|
||||||
|
conf.addValidator(new AntiXssValidation());
|
||||||
|
|
||||||
//Adding additional data, specifically edit mode
|
//Adding additional data, specifically edit mode
|
||||||
addFormSpecificData(conf, vreq);
|
addFormSpecificData(conf, vreq);
|
||||||
prepare(vreq, conf);
|
prepare(vreq, conf);
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeIntervalVali
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeWithPrecisionVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeWithPrecisionVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||||
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
||||||
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
||||||
|
|
||||||
|
|
@ -155,6 +156,7 @@ public class PersonHasPositionHistoryGenerator extends VivoBaseGenerator impleme
|
||||||
);
|
);
|
||||||
|
|
||||||
conf.addValidator(new DateTimeIntervalValidationVTwo("startField","endField"));
|
conf.addValidator(new DateTimeIntervalValidationVTwo("startField","endField"));
|
||||||
|
conf.addValidator(new AntiXssValidation());
|
||||||
|
|
||||||
//Adding additional data, specifically edit mode
|
//Adding additional data, specifically edit mode
|
||||||
addFormSpecificData(conf, vreq);
|
addFormSpecificData(conf, vreq);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue