Commits

Stefan Saasen committed bb82217

Escape the room names on the space configuration page

Rename the JSON property on the action anc excplicitly disable the automatic HTML encoding for the JSON string.
Explcitily encode the Room attributes in the Javascript template.

  • Participants
  • Parent commits 67b8612

Comments (0)

Files changed (2)

File src/main/java/com/atlassian/labs/hipchat/actions/ViewSpaceConfigurationAction.java

 import com.atlassian.labs.hipchat.components.ConfigurationManager;
 import com.atlassian.labs.hipchat.components.HipChatProxyClient;
 import com.atlassian.labs.hipchat.utils.InvalidAuthTokenException;
-import com.atlassian.plugin.webresource.WebResourceUrlProvider;
 import com.opensymphony.xwork.Action;
 import org.apache.commons.lang.StringUtils;
 
     private final ConfigurationManager configurationManager;
 
     private String roomId;
-    private String roomsHtml;
+    private String roomJson;
     private boolean successFullUpdate;
 
     public ViewSpaceConfigurationAction(HipChatProxyClient hipChatProxyClient, ConfigurationManager configurationManager)
             return Action.INPUT;
         } else {
             try {
-                setRoomsHtml(hipChatProxyClient.getRooms().toString());
+                setRoomJson(hipChatProxyClient.getRooms().toString());
             } catch (InvalidAuthTokenException e) {
                 return Action.ERROR;
             }
         return roomId;
     }
 
-    public String getRoomsHtml() {
-        return roomsHtml;
+    public String getRoomJson() {
+        return roomJson;
     }
 
-    public void setRoomsHtml(String roomsHtml) {
-        this.roomsHtml = roomsHtml;
+    public void setRoomJson(String roomJson) {
+        this.roomJson = roomJson;
     }
 
     public boolean isSuccessFullUpdate() {

File src/main/resources/templates/admin/space-config.vm

-#* @vtlvariable name="action" type="com.atlassian.confluence.spaces.actions.EditSpaceEntryAction" *#
+#* @vtlvariable name="action" type="com.atlassian.labs.hipchat.actions.ViewSpaceConfigurationAction" *#
 #requireResource("confluence.web.resources:space-admin")
 
 <html>
 <script id="rooms-tmpl" type="text/tmpl">
     <% _.each(rooms, function(room){ %>
     <div class="checkbox">
-        <input class="checkbox" type="checkbox" <%= room.checked %> name="roomId" value="<%= room.room_id %>">
-        <label for="<%= room.room_id %>"><%= room.name %></label>
+        <input class="checkbox" type="checkbox" <%= room.checked %> name="roomId" value="<%- room.room_id %>">
+        <label for="<%- room.room_id %>"><%- room.name %></label>
     </div>
     <% }) %>
 </script>
+
+## Don't escape the JSON string
+#set($roomJsonHtml = $action.roomJson)
 <script type="text/javascript">
     var hcRoomIds = "$action.roomId",
-            hcRooms = $action.roomsHtml;
+            hcRooms = $roomJsonHtml;
 </script>
 <form id="hipchat-form" action="doconfigure-hipchat.action" method="post"
       class="aui edit-space-details">