Fix for #588 - HTML escape and unescape descriptions on configclients page

apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHandler.java

@@ -165,7 +165,7 @@ public class ConfigClientsHandler extends FormHandler {
             if (! ("webConsole".equals(ca.clientName) || "Web console".equals(ca.clientName)))
                 ca.disabled = val == null;
             // edit of an existing entry
-            String desc = getJettyString("desc" + cur);
+            String desc = unescapeHTML(getJettyString("desc" + cur));
             if (desc != null) {
                 int spc = desc.indexOf(" ");
                 String clss = desc;
@@ -181,7 +181,7 @@ public class ConfigClientsHandler extends FormHandler {
         }
 
         int newClient = clients.size();
-        String newDesc = getJettyString("desc" + newClient);
+        String newDesc = unescapeHTML(getJettyString("desc" + newClient));
         if (newDesc != null && newDesc.trim().length() > 0) {
             // new entry
             int spc = newDesc.indexOf(" ");
@@ -399,4 +399,22 @@ public class ConfigClientsHandler extends FormHandler {
         _context.router().saveConfig();
         addFormNotice(_("Interface configuration saved successfully - restart required to take effect."));
     }
+
+    /**
+     *  Unescapes a string taken from HTML
+     */
+    private String unescapeHTML(String escaped) {
+        Map<String, String> map = new HashMap<String, String>();
+        map.put("&quot;","\"");
+        map.put("&amp;","&");
+        map.put("&lt;","<");
+        map.put("&gt;",">");
+        String unescaped = escaped;
+        for (Map.Entry<String, String> entry : map.entrySet()) {
+            String k = entry.getKey();
+            String v = entry.getValue();
+            unescaped = unescaped.replaceAll(k, v);
+        }
+        return unescaped;
+    }
 }

apps/routerconsole/java/src/net/i2p/router/web/ConfigClientsHelper.java

@@ -3,8 +3,10 @@ package net.i2p.router.web;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
 import java.util.TreeSet;
@@ -234,6 +236,7 @@ public class ConfigClientsHelper extends HelperBase {
                             boolean enabled, boolean ro, String desc, boolean edit,
                             boolean showEditButton, boolean showUpdateButton, boolean showStopButton,
                             boolean showDeleteButton, boolean showStartButton) {
+        String escapeddesc = escapeHTML(desc);
         buf.append("<tr><td class=\"mediumtags\" align=\"right\" width=\"25%\">");
         if (urlify && enabled) {
             String link = "/";
@@ -279,10 +282,10 @@ public class ConfigClientsHelper extends HelperBase {
         buf.append("</td><td align=\"left\" width=\"50%\">");
         if (edit && !ro) {
             buf.append("<input type=\"text\" size=\"80\" name=\"desc").append(index).append("\" value=\"");
-            buf.append(desc);
+            buf.append(escapeddesc);
             buf.append("\" >");
         } else {
-            buf.append(desc);
+            buf.append(escapeddesc);
         }
         buf.append("</td></tr>\n");
     }
@@ -298,4 +301,22 @@ public class ConfigClientsHelper extends HelperBase {
         String rv = t1.replace('>', ' ');
         return rv;
     }
+
+    /**
+     *  Escapes a string for inclusion in HTML
+     */
+    private String escapeHTML(String unescaped) {
+        Map<String, String> map = new HashMap<String, String>();
+        map.put("\"","&quot;");
+        map.put("&","&amp;");
+        map.put("<","&lt;");
+        map.put(">","&gt;");
+        String escaped = unescaped;
+        for (Map.Entry<String, String> entry : map.entrySet()) {
+            String k = entry.getKey();
+            String v = entry.getValue();
+            escaped = escaped.replaceAll(k, v);
+        }
+        return escaped;
+    }
 }