Radeox is a rendering engine for an unspecified markup. Its [website](http://radeox.org/) is dead, the website of its [authors](http://www.codehaus.org/) is dead too, its [last commit](https://github.com/codehaus/radeox) was 13 years ago. It's only used for the welcome and login messages, as well as comments from users. If we want to have some markup parsing, we should use something maintained with autoescaping guarantees, instead of a piece of zombie code prone to $DEITY knows what injections. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>master
parent
e5404648a4
commit
85e0e08d9a
@ -1,75 +0,0 @@ |
||||
/* |
||||
This file is part of Airsonic. |
||||
|
||||
Airsonic is free software: you can redistribute it and/or modify |
||||
it under the terms of the GNU General Public License as published by |
||||
the Free Software Foundation, either version 3 of the License, or |
||||
(at your option) any later version. |
||||
|
||||
Airsonic is distributed in the hope that it will be useful, |
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
GNU General Public License for more details. |
||||
|
||||
You should have received a copy of the GNU General Public License |
||||
along with Airsonic. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
Copyright 2016 (C) Airsonic Authors |
||||
Based upon Subsonic, Copyright 2009 (C) Sindre Mehus |
||||
*/ |
||||
package org.airsonic.player.taglib; |
||||
|
||||
import org.apache.commons.lang.StringEscapeUtils; |
||||
import org.radeox.api.engine.RenderEngine; |
||||
import org.radeox.api.engine.context.RenderContext; |
||||
import org.radeox.engine.BaseRenderEngine; |
||||
import org.radeox.engine.context.BaseRenderContext; |
||||
|
||||
import javax.servlet.jsp.JspException; |
||||
import javax.servlet.jsp.JspTagException; |
||||
import javax.servlet.jsp.tagext.BodyTagSupport; |
||||
|
||||
import java.io.IOException; |
||||
|
||||
/** |
||||
* Renders a Wiki text with markup to HTML, using the Radeox render engine. |
||||
* |
||||
* @author Sindre Mehus |
||||
*/ |
||||
public class WikiTag extends BodyTagSupport { |
||||
|
||||
private static final RenderContext RENDER_CONTEXT = new BaseRenderContext(); |
||||
private static final RenderEngine RENDER_ENGINE = new BaseRenderEngine(); |
||||
|
||||
private String text; |
||||
|
||||
public int doStartTag() { |
||||
return EVAL_BODY_BUFFERED; |
||||
} |
||||
|
||||
public int doEndTag() throws JspException { |
||||
String result; |
||||
synchronized (RENDER_ENGINE) { |
||||
result = RENDER_ENGINE.render(StringEscapeUtils.unescapeXml(text), RENDER_CONTEXT); |
||||
} |
||||
try { |
||||
pageContext.getOut().print(result); |
||||
} catch (IOException x) { |
||||
throw new JspTagException(x); |
||||
} |
||||
return EVAL_PAGE; |
||||
} |
||||
|
||||
public void release() { |
||||
text = null; |
||||
super.release(); |
||||
} |
||||
|
||||
public String getText() { |
||||
return text; |
||||
} |
||||
|
||||
public void setText(String text) { |
||||
this.text = text; |
||||
} |
||||
} |
Loading…
Reference in new issue