fix: sanitize room playlist - By Berno
parent
02d69f4db0
commit
172b377a6f
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,5 +1,4 @@
|
|||||||
logging/
|
logging/
|
||||||
compiled-builds/
|
|
||||||
*.iml
|
*.iml
|
||||||
.idea/
|
.idea/
|
||||||
target/**
|
target/**
|
||||||
@ -10,7 +9,6 @@ src/test/
|
|||||||
target/
|
target/
|
||||||
config.ini
|
config.ini
|
||||||
*.txt
|
*.txt
|
||||||
*.jar
|
|
||||||
*.log
|
*.log
|
||||||
*.zip
|
*.zip
|
||||||
.DS_Store
|
.DS_Store
|
||||||
|
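Review bot: Dropping `compiled-builds/` and `*.jar` from the ignore list lets build output into version control, and the page lists a binary file (presumably the built plugin jar) immediately after this section. A committed binary cannot be reviewed against the source in this commit, so nobody can confirm it was built from exactly these changes. I would keep both ignore patterns and distribute the built plugin as a release artifact with a published checksum instead.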
Binary file not shown.
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
<groupId>com.skeletor</groupId>
|
<groupId>com.skeletor</groupId>
|
||||||
<artifactId>Javascript-Plugin</artifactId>
|
<artifactId>Javascript-Plugin</artifactId>
|
||||||
<version>1.0-SNAPSHOT</version>
|
<version>1.1-SNAPSHOT</version>
|
||||||
<build>
|
<build>
|
||||||
<plugins>
|
<plugins>
|
||||||
<plugin>
|
<plugin>
|
||||||
@ -24,8 +24,16 @@
|
|||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.eu.habbo</groupId>
|
<groupId>com.eu.habbo</groupId>
|
||||||
<artifactId>Habbo</artifactId>
|
<artifactId>Habbo</artifactId>
|
||||||
<version>3.0.0</version>
|
<version>3.5.1</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
|
||||||
|
<artifactId>owasp-java-html-sanitizer</artifactId>
|
||||||
|
<version>20240325.1</version>
|
||||||
|
<scope>compile</scope>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
</project>
|
</project>
|
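Review bot: The new `owasp-java-html-sanitizer` dependency is declared in the second hunk, but nothing visible in this section shows it being bundled into the plugin jar; the `<build>` plugin configuration lies outside the hunks. If the emulator loads the plugin as a single jar without that library on its classpath, the first call to `sanitize` would presumably fail with `NoClassDefFoundError`, so please confirm the build shades or otherwise ships it. `<scope>compile</scope>` is the Maven default and can be dropped.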
@ -5,6 +5,8 @@ import com.eu.habbo.messages.outgoing.generic.alerts.BubbleAlertComposer;
|
|||||||
import gnu.trove.map.hash.THashMap;
|
import gnu.trove.map.hash.THashMap;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
|
||||||
|
import static com.skeletor.plugin.javascript.utils.RegexUtility.sanitize;
|
||||||
|
|
||||||
public class RoomPlaylist {
|
public class RoomPlaylist {
|
||||||
private ArrayList<YoutubeVideo> playlist = new ArrayList<>();
|
private ArrayList<YoutubeVideo> playlist = new ArrayList<>();
|
||||||
|
|
||||||
@ -38,19 +40,20 @@ public class RoomPlaylist {
|
|||||||
public void addSong(YoutubeVideo song) {
|
public void addSong(YoutubeVideo song) {
|
||||||
this.playlist.add(song);
|
this.playlist.add(song);
|
||||||
}
|
}
|
||||||
|
|
||||||
public YoutubeVideo removeSong(int index) {
|
public YoutubeVideo removeSong(int index) {
|
||||||
YoutubeVideo res = null;
|
YoutubeVideo res = null;
|
||||||
if (this.playlist.size() - 1 >= index)
|
if(playlist.size() - 1 >= index)
|
||||||
res = this.playlist.remove(index);
|
res = this.playlist.remove(index);
|
||||||
if (this.playlist.size() == 0)
|
if(playlist.isEmpty()) this.setPlaying(false);
|
||||||
setPlaying(false);
|
if(index == this.getCurrentIndex()) {
|
||||||
if (index == getCurrentIndex()) {
|
if(index > this.playlist.size() - 1 && !this.playlist.isEmpty()) {
|
||||||
if (index > this.playlist.size() - 1 && this.playlist.size() > 0)
|
this.current = this.playlist.size() - 1;
|
||||||
this.current = this.playlist.size() - 1;
|
}
|
||||||
} else if (index < getCurrentIndex() && getCurrentIndex() > 0) {
|
}
|
||||||
|
else if(index < this.getCurrentIndex() && this.getCurrentIndex() > 0) {
|
||||||
this.current--;
|
this.current--;
|
||||||
}
|
}
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -79,12 +82,12 @@ public class RoomPlaylist {
|
|||||||
this.channel = channel;
|
this.channel = channel;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public MessageComposer getNowPlayingBubbleAlert() {
|
public MessageComposer getNowPlayingBubbleAlert() {
|
||||||
THashMap<String, String> keys = new THashMap();
|
final THashMap<String, String> keys = new THashMap<>();
|
||||||
keys.put("display", "BUBBLE");
|
keys.put("display", "BUBBLE");
|
||||||
keys.put("image", "${image.library.url}notifications/music.png");
|
keys.put("image", ("${image.library.url}notifications/music.png"));
|
||||||
keys.put("message", "Now playing " + (getCurrentSong()).name);
|
keys.put("message", "Now playing " + sanitize(this.getCurrentSong().name));
|
||||||
return (MessageComposer)new BubbleAlertComposer("", keys);
|
return new BubbleAlertComposer("", keys);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
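Review bot: The song name is sanitized only at the single sink in `getNowPlayingBubbleAlert`, while `addSong` still stores the `YoutubeVideo` unchanged, so any other code that sends `name` to clients keeps the raw value. Those paths are not visible in this diff; either sanitize once where the video enters the playlist or apply `sanitize` in every outgoing composer that carries the name. In `removeSong`, the guard `if(playlist.size() - 1 >= index)` still accepts a negative index, which makes `ArrayList.remove` throw; `if (index >= 0 && index < this.playlist.size())` closes that. The class body continues outside these hunks.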
@ -1,15 +1,30 @@
|
|||||||
package com.skeletor.plugin.javascript.utils;
|
package com.skeletor.plugin.javascript.utils;
|
||||||
|
import org.owasp.html.HtmlPolicyBuilder;
|
||||||
|
import org.owasp.html.PolicyFactory;
|
||||||
import java.util.regex.Matcher;
|
import java.util.regex.Matcher;
|
||||||
import java.util.regex.Pattern;
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
public class RegexUtility {
|
public class RegexUtility {
|
||||||
public static String getYouTubeId(String youTubeUrl) {
|
|
||||||
|
public static String getYouTubeId (String youTubeUrl) {
|
||||||
String pattern = "(?<=youtu.be/|watch\\?v=|/videos/|embed\\/)[^#\\&\\?]*";
|
String pattern = "(?<=youtu.be/|watch\\?v=|/videos/|embed\\/)[^#\\&\\?]*";
|
||||||
Pattern compiledPattern = Pattern.compile(pattern);
|
Pattern compiledPattern = Pattern.compile(pattern);
|
||||||
Matcher matcher = compiledPattern.matcher(youTubeUrl);
|
Matcher matcher = compiledPattern.matcher(youTubeUrl);
|
||||||
if (matcher.find())
|
if(matcher.find()){
|
||||||
return matcher.group();
|
return matcher.group();
|
||||||
return "";
|
} else {
|
||||||
|
return "";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
/**
|
||||||
|
* Sanitizes a string by removing any potentially harmful HTML elements.
|
||||||
|
*
|
||||||
|
* @param str The string to be sanitized.
|
||||||
|
* @return The sanitized string.
|
||||||
|
*/
|
||||||
|
public static String sanitize(String str) {
|
||||||
|
PolicyFactory policy = new HtmlPolicyBuilder().toFactory();
|
||||||
|
return policy.sanitize(str);
|
||||||
|
}
|
||||||
|
}
|
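Review bot: `sanitize` builds a new `PolicyFactory` on every call and its Javadoc does not say what the output looks like. A `PolicyFactory` is immutable, so it can be a constant: `private static final PolicyFactory NO_HTML = new HtmlPolicyBuilder().toFactory();` followed by `return NO_HTML.sanitize(str);`. With an empty policy the sanitizer drops all tags and HTML-encodes the remaining text, so a title containing `&` or `'` comes back with entities; this suits an HTML sink but will show literal entities if the bubble alert renders plain text, which is worth checking in the client. The Javadoc should state that the result is entity-encoded text with all markup removed. The method is also not a regex helper, so a class other than `RegexUtility` would be a clearer home for it.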