From 209dbdd49a89d6e3cebf61e860c779a1d8561dd9 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sun, 07 Sep 2014 11:43:40 -0400
Subject: [PATCH] Implement a SafeTextModel and use that for fields vulnerable to XSS

---
 src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
index f26f7fb..6e06e5b 100644
--- a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
+++ b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
@@ -20,12 +20,12 @@
 import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.form.TextArea;
-import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.PropertyModel;
 import org.apache.wicket.util.time.Duration;
 
 import com.gitblit.utils.MarkdownUtils;
 import com.gitblit.wicket.GitBlitWebApp;
+import com.gitblit.wicket.SafeTextModel;
 
 public class MarkdownTextArea extends TextArea {
 
@@ -35,7 +35,7 @@
 
 	protected String text = "";
 
-	public MarkdownTextArea(String id, final IModel<String> previewModel, final Label previewLabel) {
+	public MarkdownTextArea(String id, final SafeTextModel previewModel, final Label previewLabel) {
 		super(id);
 		setModel(new PropertyModel(this, "text"));
 		add(new AjaxFormComponentUpdatingBehavior("onblur") {
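Review bot: The constructor now requires a `SafeTextModel`, but nothing on the signature records why, and the parameter type is the only thing that keeps a plain, unsanitised model away from the preview. A short Javadoc would state the contract, for example `@param previewModel model that sanitises the HTML rendered from the user-entered Markdown before the preview label shows it` (wording to be confirmed against what `SafeTextModel` actually does). The same comment applies to `renderPreview` in the hunk at line 65. Whether the preview is safe in practice depends on how `SafeTextModel` filters its value and on the escaping setting of `previewLabel`, neither of which is visible here. The constructor body continues outside the hunk.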
@@ -65,7 +65,7 @@
 		setOutputMarkupId(true);
 	}
 
-	protected void renderPreview(IModel<String> previewModel) {
+	protected void renderPreview(SafeTextModel previewModel) {
 		if (text == null) {
 			return;
 		}
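Review bot: Changing the parameter type of the protected `renderPreview` turns any existing subclass method that still takes `IModel<String>` into an unrelated overload, so it would silently stop being called instead of failing to compile. No subclass is visible in this patch, so this may not apply. If any exist, annotating their methods with `@Override` lets the compiler report the mismatch. The method body continues outside the hunk.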

--
Gitblit v1.9.1