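/**
 * Gets the latest comments with the specified fetch size.
 *
 * <p>The returned comments content is plain text: emotions are cleared and every HTML tag is
 * removed with an empty Jsoup whitelist before the comment is returned. The content of a
 * comment whose commenter is missing or invalid, whose own status is invalid, or which belongs
 * to a discussion article is replaced by a placeholder before that sanitising step.
 *
 * @param fetchSize the specified fetch size
 * @return the latest comments, returns an empty list if not found
 * @throws ServiceException service exception
 */
public List<JSONObject> getLatestComments(final int fetchSize) throws ServiceException {
    final Query query = new Query()
            .addSort(Comment.COMMENT_CREATE_TIME, SortDirection.DESCENDING)
            .setCurrentPageNum(1)
            .setPageSize(fetchSize)
            .setPageCount(1);

    try {
        final JSONObject result = commentRepository.get(query);
        final List<JSONObject> ret =
                CollectionUtils.<JSONObject>jsonArrayToList(result.optJSONArray(Keys.RESULTS));

        for (final JSONObject comment : ret) {
            fillLatestComment(comment);
        }

        return ret;
    } catch (final RepositoryException e) {
        LOGGER.log(Level.ERROR, "Gets user comments failed", e);
        throw new ServiceException(e);
    }
}

/**
 * Fills one comment, in place, with its article title/permalink and its commenter, and reduces
 * its content to plain text.
 *
 * <p>Blocked content is substituted before sanitising, so the placeholder is what gets cleaned
 * and returned. A missing article or commenter no longer escapes as a NullPointerException;
 * the comment is still returned with empty article fields, and a missing commenter is treated
 * like an invalid one.
 *
 * @param comment the comment to fill in place
 * @throws RepositoryException repository exception
 */
private void fillLatestComment(final JSONObject comment) throws RepositoryException {
    comment.put(Comment.COMMENT_CREATE_TIME, comment.optLong(Comment.COMMENT_CREATE_TIME));

    final String articleId = comment.optString(Comment.COMMENT_ON_ARTICLE_ID);
    // NOTE(review): assumes the repository returns null for an unknown id — confirm. An empty
    // object makes the opt*() calls below yield defaults instead of throwing.
    final JSONObject article = orEmpty(articleRepository.get(articleId));
    comment.put(Comment.COMMENT_T_ARTICLE_TITLE,
            Emotions.clear(article.optString(Article.ARTICLE_TITLE)));
    comment.put(Comment.COMMENT_T_ARTICLE_PERMALINK, article.optString(Article.ARTICLE_PERMALINK));

    final String commenterId = comment.optString(Comment.COMMENT_AUTHOR_ID);
    final JSONObject storedCommenter = userRepository.get(commenterId);
    final JSONObject commenter = orEmpty(storedCommenter);

    // Block the content when the commenter is gone or invalid, or the comment itself is invalid
    final boolean commenterBlocked = null == storedCommenter
            || UserExt.USER_STATUS_C_INVALID == commenter.optInt(UserExt.USER_STATUS);
    if (commenterBlocked
            || Comment.COMMENT_STATUS_C_INVALID == comment.optInt(Comment.COMMENT_STATUS)) {
        comment.put(Comment.COMMENT_CONTENT, langPropsService.get("commentContentBlockLabel"));
    }

    if (Article.ARTICLE_TYPE_C_DISCUSSION == article.optInt(Article.ARTICLE_TYPE)) {
        comment.put(Comment.COMMENT_CONTENT, "....");
    }

    comment.put(Comment.COMMENT_CONTENT, toPlainText(comment.optString(Comment.COMMENT_CONTENT)));

    final String commenterEmail = comment.optString(Comment.COMMENT_AUTHOR_EMAIL);
    commenter.put(UserExt.USER_AVATAR_URL, avatarQueryService.getAvatarURL(commenterEmail));
    comment.put(Comment.COMMENT_T_COMMENTER, commenter);
}

/**
 * Clears emotions and strips every HTML tag from the given content.
 *
 * @param content the comment content
 * @return the cleaned text, or {@code "...."} when nothing but whitespace is left
 */
private static String toPlainText(final String content) {
    // Whitelist.none() keeps text only, so nothing the commenter typed reaches the page as markup
    final String cleaned = Jsoup.clean(Emotions.clear(content), Whitelist.none());

    return StringUtils.isBlank(cleaned) ? "...." : cleaned;
}

/**
 * Returns the given object, or a fresh empty one when the repository returned {@code null}.
 *
 * @param stored the object loaded from a repository, may be {@code null}
 * @return a non-null object
 */
private static JSONObject orEmpty(final JSONObject stored) {
    return null == stored ? new JSONObject() : stored;
}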
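/**
 * Strips any potential XSS threats out of the value.
 *
 * <p>The value is first canonicalized with ESAPI so that encoded payloads (URL, HTML-entity and
 * mixed encodings) are reduced to their plain form before anything is inspected, then NUL
 * characters are dropped and every HTML tag is removed by Jsoup with an empty whitelist. Note
 * that {@code Jsoup.clean} entity-escapes the text it keeps, so the result is suited to an HTML
 * context rather than being raw plain text. With ESAPI's default strict canonicalization,
 * double- or mixed-encoded input raises an {@code IntrusionException}, which is propagated.
 *
 * @param value the untrusted value, may be {@code null}
 * @return the stripped value, or {@code null} if {@code value} was {@code null}
 */
public static String stripXSS(String value) {
    // Log sizes only: the raw value is untrusted input and may carry credentials or a
    // log-injection payload
    LOG.debug("Value length before stripping: " + (value == null ? -1 : value.length()));
    if (value != null) {
        // Use the ESAPI library to avoid encoded attacks.
        value = ESAPI.encoder().canonicalize(value);
        // Avoid null characters (plain replace: the argument is a literal, not a regex)
        value = value.replace("\0", "");
        // Clean out HTML
        value = Jsoup.clean(value, Whitelist.none());
    }
    LOG.debug("Value length after stripping: " + (value == null ? -1 : value.length()));
    return value;
}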
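/**
 * Posts a comment on the publication with the given id on behalf of the logged-in user.
 *
 * <p>The comment body is reduced to text, line breaks and links only: every tag except
 * {@code <br>} and {@code <a>} is removed, and {@code href} is restricted to the
 * ftp/http/https/mailto schemes so that a {@code javascript:} style link cannot survive
 * sanitising. When the publication does not exist nothing is stored and the feed is returned.
 *
 * @param body the raw comment text; treated as empty when {@code null}
 * @param id   the id of the publication being commented on
 * @return the feed for the current interest and location
 */
@Restrict(Mupi.USER_ROLE)
public static Result comment(String body, Long id) {
    final User u = Mupi.getLocalUser(session());
    final models.Profile p = u.profile;
    final models.Publication pub = models.Publication.find.byId(id);

    final String rawBody = body == null ? "" : body;
    // A whitelist that allows href without addProtocols accepts any scheme; restrict it to
    // the same set Jsoup's basic whitelist uses
    final Whitelist whitelist = Whitelist.none()
            .addTags("br", "a")
            .addAttributes("a", "href", "target")
            .addProtocols("a", "href", "ftp", "http", "https", "mailto");
    final String safeBody = Jsoup.clean(
            textWithLinks(rawBody.replaceAll("(\r\n|\n)", " <br/> ")), whitelist);

    if (pub == null) {
        // Nothing to comment on, so nothing to store or notify about
        return selectFeed(getLocalInterest(), getLocalLocation());
    }

    PubComment.create(pub, p, safeBody);

    // NOTE(review): this only prints the addresses to stdout, which looks like a notification
    // stub and writes user e-mails to the console — confirm whether it should stay
    final List<UserEmail> recipients = models.Profile.emailsFromPublication(pub);
    for (UserEmail ue : recipients) {
        if (u.getEmail().equalsIgnoreCase(ue.getEmail())) {
            System.out.println("Commenter: " + ue.getEmail());
        } else {
            System.out.println(ue.getEmail());
        }
    }

    return selectFeed(getLocalInterest(), getLocalLocation());
}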
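/**
 * Gets article preview content.
 *
 * <p>Renders the response with a json object, for example,
 *
 * <pre>
 * {
 *     "html": ""
 * }
 * </pre>
 *
 * <p>The preview is the article content with emotions converted, Markdown rendered and every
 * HTML tag stripped, cut to 150 characters. Content of an invalid article or of an invalid
 * author is replaced by a block label, and a discussion article is only previewed by its author
 * and by the users it mentions; everyone else gets the discussion label instead.
 *
 * @param request the specified http servlet request
 * @param response the specified http servlet response
 * @param context the specified http request context
 * @param articleId the specified article id
 * @throws Exception exception
 */
@RequestProcessing(value = "/article/{articleId}/preview", method = HTTPRequestMethod.GET)
@Before(adviceClass = StopwatchStartAdvice.class)
@After(adviceClass = StopwatchEndAdvice.class)
public void getArticlePreviewContent(final HttpServletRequest request,
                                     final HttpServletResponse response,
                                     final HTTPRequestContext context,
                                     final String articleId) throws Exception {
    final JSONRenderer renderer = new JSONRenderer();
    context.setRenderer(renderer);
    final JSONObject result = Results.trueResult();
    renderer.setJSONObject(result);
    result.put("html", "");

    final JSONObject article = articleQueryService.getArticle(articleId);
    if (null == article) {
        result.put(Keys.STATUS_CODE, false);
        return;
    }

    // Maximum number of characters of the tag-stripped content to return
    final int length = 150;
    String content = article.optString(Article.ARTICLE_CONTENT);

    final String authorId = article.optString(Article.ARTICLE_AUTHOR_ID);
    final JSONObject author = userQueryService.getUser(authorId);
    final boolean authorInvalid = null != author
            && UserExt.USER_STATUS_C_INVALID == author.optInt(UserExt.USER_STATUS);
    if (authorInvalid
            || Article.ARTICLE_STATUS_C_INVALID == article.optInt(Article.ARTICLE_STATUS)) {
        result.put("html", langPropsService.get("articleContentBlockLabel"));
        return;
    }

    final Set<String> userNames = userQueryService.getUserNames(content);
    final JSONObject currentUser = userQueryService.getCurrentUser(request);
    final String currentUserName = null == currentUser ? "" : currentUser.optString(User.USER_NAME);
    // The author may be missing; it used to be dereferenced unconditionally here. A missing
    // author never counts as the current user, so a discussion stays gated in that case.
    final String authorName = null == author ? "" : author.optString(User.USER_NAME);
    final boolean currentIsAuthor = null != author && authorName.equals(currentUserName);

    if (Article.ARTICLE_TYPE_C_DISCUSSION == article.optInt(Article.ARTICLE_TYPE)
            && !currentIsAuthor) {
        // Only the author and the users mentioned in the article may preview a discussion
        if (!userNames.contains(currentUserName)) {
            // NOTE(review): authorName is inserted into markup unescaped; only safe if user
            // names are restricted to safe characters on registration — confirm
            String blockContent = langPropsService.get("articleDiscussionLabel");
            blockContent = blockContent.replace("{user}",
                    "<a href='" + Latkes.getServePath() + "/member/" + authorName + "'>" + authorName + "</a>");
            result.put("html", blockContent);
            return;
        }
    }

    content = Emotions.convert(content);
    content = Markdowns.toHTML(content);
    // Whitelist.none() keeps text only, so the preview carries no markup from the article
    content = Jsoup.clean(content, Whitelist.none());
    if (content.length() >= length) {
        // The cleaned text is entity-escaped, so the cut may land inside an entity; cosmetic only
        content = StringUtils.substring(content, 0, length) + " ....";
    }

    result.put("html", content);
}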
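/**
 * Strip all HTML tags.
 *
 * <p>The tags are removed by Jsoup with an empty whitelist, then the entities Jsoup escapes on
 * output (and any already present in the input) are decoded, so the result is plain text.
 * Being decoded, it is not safe to put back into an HTML page without re-escaping.
 *
 * @param content the HTML content to strip the tags from, may be {@code null}
 * @return the string, or {@code null} when {@code content} is {@code null}
 */
public static String htmlToText(String content) {
    if (content == null) {
        // Jsoup rejects a null input; mirror unescapeHtml's own null pass-through instead
        return null;
    }
    final String textOnly = Jsoup.clean(content, Whitelist.none());

    return StringEscapeUtils.unescapeHtml(textOnly);
}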
/**
 * Removes every HTML tag from {@code str}, keeping only its text.
 *
 * <p>The text is serialised by Jsoup in XHTML escape mode, so {@code <}, {@code >} and
 * {@code &} come back entity-escaped rather than raw; the result is a text fragment for an
 * HTML context, not decoded plain text.
 *
 * @param str the HTML to strip
 * @return the tag-free, entity-escaped text
 */
public static String cleanHtml(String str) {
    final Document.OutputSettings xhtmlOutput =
            new Document.OutputSettings().escapeMode(Entities.EscapeMode.xhtml);

    // No base URI is needed: with an empty whitelist no link survives, so none is resolved
    return Jsoup.clean(str, "", Whitelist.none(), xhtmlOutput);
}