- escape html for adds and queries

- change config separator char
- fix enter in add boxes
- fix alt and title tags

apps/routerconsole/java/src/net/i2p/router/web/ConfigHomeHandler.java

@@ -7,6 +7,8 @@ import java.util.Iterator;
 import java.util.Set;
 import java.util.Map;
 
+import net.i2p.data.DataHelper;
+
 /**
  *  Simple home page configuration.
  *
@@ -68,8 +70,8 @@ public class ConfigHomeHandler extends FormHandler {
                     addFormError(_("No URL entered"));
                     return;
                 }
-                name = name.replace(";", "");
-                url = url.replace(";", "");
+                name = DataHelper.escapeHTML(name).replace(",", ",");   // HomeHelper.S
+                url = DataHelper.escapeHTML(url).replace(",", ",");
                 HomeHelper.App app = new HomeHelper.App(name, "", url, "/themes/console/images/itoopie_sm.png");
                 apps.add(app);
                 addFormNotice(_("Added") + ": " + app.name);

apps/routerconsole/java/src/net/i2p/router/web/HomeHelper.java

@@ -18,7 +18,7 @@ import net.i2p.util.PortMapper;
  */
 public class HomeHelper extends HelperBase {
     
-    private static final char S = ';';
+    private static final char S = ',';
     private static final String I = "/themes/console/images/";
     static final String PROP_SERVICES = "routerconsole.services";
     static final String PROP_FAVORITES = "routerconsole.favorites";
@@ -150,14 +150,14 @@ public class HomeHelper extends HelperBase {
         buf.append("<div class=\"appgroup\">");
         for (App app : apps) {
             buf.append("<div class=\"app\">" +
-                       "<a href=\"").append(app.url).append("\" alt=\"\" title=\"").append(app.desc).append("\">" +
+                       "<a href=\"").append(app.url).append("\">" +
                        "<img class=\"");
             // toopie is 54x68, not 16x16, needs special alignment and sizing
             if (app.icon.endsWith("/itoopie_sm.png"))
                 buf.append("app2p");
             else
                 buf.append("app");
-            buf.append("\" alt=\"\" src=\"").append(app.icon).append("\"></a><br>\n" +
+            buf.append("\" alt=\"\" title=\"").append(app.desc).append("\" src=\"").append(app.icon).append("\"></a><br>\n" +
                        "<table class=\"app\"><tr class=\"app\"><td class=\"app\">" +
                        "<div class=\"applabel\">" +
                        "<a href=\"").append(app.url).append("\" title=\"").append(app.desc).append("\">").append(app.name).append("</a>" +

apps/routerconsole/java/src/net/i2p/router/web/SearchHelper.java

@@ -3,6 +3,7 @@ package net.i2p.router.web;
 import java.util.Map;
 import java.util.TreeMap;
 
+import net.i2p.data.DataHelper;
 import net.i2p.util.PortMapper;
 
 /**
@@ -16,7 +17,7 @@ public class SearchHelper extends HelperBase {
     private String _query;
     private Map<String, String> _engines = new TreeMap();
     
-    private static final char S = ';';
+    private static final char S = ',';
     static final String PROP_ENGINES = "routerconsole.searchEngines";
     private static final String PROP_DEFAULT = "routerconsole.searchEngine";
 
@@ -84,14 +85,13 @@ public class SearchHelper extends HelperBase {
     public String getURL() {
         if (_engine == null || _query == null)
             return null;
-        _query = _query.trim();
+        _query = DataHelper.escapeHTML(_query).trim();
         if (_query.length() <= 0)
             return null;
         buildEngineMap();
         String url = _engines.get(_engine);
         if (url == null)
             return null;
-        // _query = escape query
         if (url.contains("%s"))
             url = url.replace("%s", _query);
         else

apps/routerconsole/jsp/confighome.jsp

@@ -5,6 +5,11 @@
 <html><head>
 <%@include file="css.jsi" %>
 <%=intl.title("config home")%>
+<style type='text/css'>
+button span.hide{
+    display:none;
+}
+</style>
 </head><body>
 
 <%@include file="summary.jsi" %>
@@ -39,6 +44,7 @@
  <input type="hidden" name="group" value="3">
  <jsp:getProperty name="homehelper" property="configSearch" />
  <div class="formaction">
+  <input type="submit" name="action" class="hide" value="<%=intl._("Add item")%>" >
   <input type="submit" name="action" class="delete" value="<%=intl._("Delete selected")%>" >
   <input type="reset" class="cancel" value="<%=intl._("Cancel")%>" >
   <input type="submit" name="action" class="reload" value="<%=intl._("Restore defaults")%>" >
@@ -52,6 +58,7 @@
  <input type="hidden" name="group" value="1">
  <jsp:getProperty name="homehelper" property="configFavorites" />
  <div class="formaction">
+  <input type="submit" name="action" class="hide" value="<%=intl._("Add item")%>" >
   <input type="submit" name="action" class="delete" value="<%=intl._("Delete selected")%>" >
   <input type="reset" class="cancel" value="<%=intl._("Cancel")%>" >
   <input type="submit" name="action" class="reload" value="<%=intl._("Restore defaults")%>" >
@@ -65,6 +72,7 @@
  <input type="hidden" name="group" value="2">
  <jsp:getProperty name="homehelper" property="configServices" />
  <div class="formaction">
+  <input type="submit" name="action" class="hide" value="<%=intl._("Add item")%>" >
   <input type="submit" name="action" class="delete" value="<%=intl._("Delete selected")%>" >
   <input type="reset" class="cancel" value="<%=intl._("Cancel")%>" >
   <input type="submit" name="action" class="reload" value="<%=intl._("Restore defaults")%>" >