From 8f1dc607d135fd99d769a2dfd1e11e00d72d0506 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 19 Nov 2014 11:34:17 -0500
Subject: [PATCH] Merged #223 "Add support for image/svg+xml content type to raw servlet"
---
src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
index 6e06e5b..ade92c0 100644
--- a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
+++ b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
@@ -20,12 +20,12 @@
import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.TextArea;
+import org.apache.wicket.model.IModel;
import org.apache.wicket.model.PropertyModel;
import org.apache.wicket.util.time.Duration;
import com.gitblit.utils.MarkdownUtils;
import com.gitblit.wicket.GitBlitWebApp;
-import com.gitblit.wicket.SafeTextModel;
public class MarkdownTextArea extends TextArea {
@@ -35,7 +35,7 @@
protected String text = "";
- public MarkdownTextArea(String id, final SafeTextModel previewModel, final Label previewLabel) {
+ public MarkdownTextArea(String id, final IModel<String> previewModel, final Label previewLabel) {
super(id);
setModel(new PropertyModel(this, "text"));
add(new AjaxFormComponentUpdatingBehavior("onblur") {
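Review bot: Widening `previewModel` from SafeTextModel to `IModel<String>` in the constructor drops the type-level signal that values written to this model are sanitised. That reading is inferred from the class name only, since SafeTextModel itself is not in the diff. After this change the guarantee rests on renderPreview (third hunk) being the only writer, and a caller can pass any model without noticing. A Javadoc line on the constructor would keep the contract visible, for example `@param previewModel receives filtered HTML from renderPreview; do not write unfiltered markup to it elsewhere`. The constructor body continues outside this hunk.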
@@ -65,12 +65,13 @@
setOutputMarkupId(true);
}
- protected void renderPreview(SafeTextModel previewModel) {
+ protected void renderPreview(IModel<String> previewModel) {
if (text == null) {
return;
}
String html = MarkdownUtils.transformGFM(GitBlitWebApp.get().settings(), text, repositoryName);
- previewModel.setObject(html);
+ String safeHtml = GitBlitWebApp.get().xssFilter().relaxed(html);
+ previewModel.setObject(safeHtml);
}
public String getText() {
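Review bot: The `relaxed(html)` call in renderPreview is now the only sanitising step visible on the preview path, and nothing records why the relaxed policy is the intended one for Markdown-generated HTML. I would add a comment above it, `// text is user input; filter the generated HTML before it is handed to the preview model`. A unit test should also assert that script elements and inline event-handler attributes in the input do not survive into the value set on previewModel. Whether the preview label renders its model unescaped is not shown in this diff, so the impact of a missed filter is inferred rather than confirmed. renderPreview is complete in this hunk; getText() continues past it.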
--
Gitblit v1.9.1