package com.gitblit.wicket;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.util.lang.Objects;
import org.parboiled.common.StringUtils;
import org.slf4j.LoggerFactory;
public class SafeTextModel implements IModel<String> {
private static final long serialVersionUID = 1L;
public enum Mode {
relaxed, none
}
private final Mode mode;
private String value;
public static SafeTextModel none() {
return new SafeTextModel(Mode.none);
}
public static SafeTextModel none(String value) {
return new SafeTextModel(value, Mode.none);
}
public static SafeTextModel relaxed() {
return new SafeTextModel(Mode.relaxed);
}
public static SafeTextModel relaxed(String value) {
return new SafeTextModel(value, Mode.relaxed);
}
public SafeTextModel(Mode mode) {
this.mode = mode;
}
public SafeTextModel(String value, Mode mode) {
this.value = value;
this.mode = mode;
}
@Override
public void detach() {
}
@Override
public String getObject() {
if (StringUtils.isEmpty(value)) {
return value;
}
String safeValue;
switch (mode) {
case none:
safeValue = GitBlitWebApp.get().xssFilter().none(value);
break;
default:
safeValue = GitBlitWebApp.get().xssFilter().relaxed(value);
break;
}
if (!value.equals(safeValue)) {
LoggerFactory.getLogger(getClass()).warn("XSS filter trigggered on suspicious form field value {}",
value);
}
return safeValue;
}
@Override
public void setObject(String input) {
this.value = input;
}
@Override
public int hashCode()
{
return Objects.hashCode(value);
}
@Override
public boolean equals(Object obj)
{
if (this == obj)
{
return true;
}
if (!(obj instanceof Model<?>))
{
return false;
}
Model<?> that = (Model<?>)obj;
return Objects.equal(value, that.getObject());
}
}