1. Rich Manalang
  2. Hipchat for Confluence

Commits

Stefan Saasen  committed bb82217

Escape the room names on the space configuration page

Rename the JSON property on the action anc excplicitly disable the automatic HTML encoding for the JSON string.
Explcitily encode the Room attributes in the Javascript template.

  • Participants
  • Parent commits 67b8612
  • Branches master

Comments (0)

Files changed (2)

File src/main/java/com/atlassian/labs/hipchat/actions/ViewSpaceConfigurationAction.java

View file
 import com.atlassian.labs.hipchat.components.ConfigurationManager;
 import com.atlassian.labs.hipchat.components.HipChatProxyClient;
 import com.atlassian.labs.hipchat.utils.InvalidAuthTokenException;
-import com.atlassian.plugin.webresource.WebResourceUrlProvider;
 import com.opensymphony.xwork.Action;
 import org.apache.commons.lang.StringUtils;
 
     private final ConfigurationManager configurationManager;
 
     private String roomId;
-    private String roomsHtml;
+    private String roomJson;
     private boolean successFullUpdate;
 
     public ViewSpaceConfigurationAction(HipChatProxyClient hipChatProxyClient, ConfigurationManager configurationManager)
             return Action.INPUT;
         } else {
             try {
-                setRoomsHtml(hipChatProxyClient.getRooms().toString());
+                setRoomJson(hipChatProxyClient.getRooms().toString());
             } catch (InvalidAuthTokenException e) {
                 return Action.ERROR;
             }
         return roomId;
     }
 
-    public String getRoomsHtml() {
-        return roomsHtml;
+    public String getRoomJson() {
+        return roomJson;
     }
 
-    public void setRoomsHtml(String roomsHtml) {
-        this.roomsHtml = roomsHtml;
+    public void setRoomJson(String roomJson) {
+        this.roomJson = roomJson;
     }
 
     public boolean isSuccessFullUpdate() {

File src/main/resources/templates/admin/space-config.vm

View file
-#* @vtlvariable name="action" type="com.atlassian.confluence.spaces.actions.EditSpaceEntryAction" *#
+#* @vtlvariable name="action" type="com.atlassian.labs.hipchat.actions.ViewSpaceConfigurationAction" *#
 #requireResource("confluence.web.resources:space-admin")
 
 <html>
 <script id="rooms-tmpl" type="text/tmpl">
     <% _.each(rooms, function(room){ %>
     <div class="checkbox">
-        <input class="checkbox" type="checkbox" <%= room.checked %> name="roomId" value="<%= room.room_id %>">
-        <label for="<%= room.room_id %>"><%= room.name %></label>
+        <input class="checkbox" type="checkbox" <%= room.checked %> name="roomId" value="<%- room.room_id %>">
+        <label for="<%- room.room_id %>"><%- room.name %></label>
     </div>
     <% }) %>
 </script>
+
+## Don't escape the JSON string
+#set($roomJsonHtml = $action.roomJson)
 <script type="text/javascript">
     var hcRoomIds = "$action.roomId",
-            hcRooms = $action.roomsHtml;
+            hcRooms = $roomJsonHtml;
 </script>
 <form id="hipchat-form" action="doconfigure-hipchat.action" method="post"
       class="aui edit-space-details">