/** * The {@link #windowId} will need to be carried through to subsequent requests so that the correct component * will continue being targeted. The step counter should also be retrieved from a WWindow if one is present. * * @return the hidden parameters. */ @Override public Map<String, String> getHiddenParameters() { Map<String, String> map = backing.getHiddenParameters(); if (windowId != null) { map.put(STEP_VARIABLE, String.valueOf(getStep())); map.put(WWindow.WWINDOW_REQUEST_PARAM_KEY, windowId); } return map; }
/** * Returns a dynamic URL that this wwindow component can be accessed from. * * @return the URL to access this wwindow component. */ public String getUrl() { Environment env = getEnvironment(); Map<String, String> parameters = env.getHiddenParameters(); parameters.put(WWINDOW_REQUEST_PARAM_KEY, getId()); // Override the step count with WWindow step parameters.put(Environment.STEP_VARIABLE, String.valueOf(getStep())); String url = env.getWServletPath(); return WebUtilities.getPath(url, parameters, true); }
/** * Retrieves the base parameter map for serving content (videos + tracks). * * @return the base map for serving content. */ private Map<String, String> getBaseParameterMap() { Environment env = getEnvironment(); Map<String, String> parameters = env.getHiddenParameters(); parameters.put(Environment.TARGET_ID, getTargetId()); if (Util.empty(getCacheKey())) { // Add some randomness to the URL to prevent caching String random = WebUtilities.generateRandom(); parameters.put(Environment.UNIQUE_RANDOM_PARAM, random); } else { // Remove step counter as not required for cached content parameters.remove(Environment.STEP_VARIABLE); parameters.remove(Environment.SESSION_TOKEN_VARIABLE); // Add the cache key parameters.put(Environment.CONTENT_CACHE_KEY, getCacheKey()); } return parameters; }
Map<String, String> parameters = env.getHiddenParameters(); parameters.put(Environment.TARGET_ID, getTargetId());
Map<String, String> parameters = env.getHiddenParameters(); parameters.put(Environment.TARGET_ID, getTargetId());
Map<String, String> parameters = env.getHiddenParameters(); parameters.put(Environment.TARGET_ID, getTargetId());
Map<String, String> parameters = env.getHiddenParameters(); parameters.put(Environment.TARGET_ID, getTargetId());
Map<String, String> parameters = env.getHiddenParameters(); parameters.put(Environment.TARGET_ID, getTargetId());
Map<String, String> parameters = env.getHiddenParameters(); parameters.put(Environment.TARGET_ID, getTargetId());
@Override public void paint(final RenderContext renderContext) { Environment env = UIContextHolder.getCurrent().getEnvironment(); env.setStep(env.getStep() + 1); hiddenParams = env.getHiddenParameters(); } }
/** * Retrieves the application title for the given context. This mess is required due to WWindow essentially existing * as a separate UI root. If WWindow is eventually removed, then we can just retrieve the title from the root * WApplication. * * @param uic the context to check. * @return the current application title. */ private String getApplicationTitle(final UIContext uic) { WComponent root = uic.getUI(); String title = root instanceof WApplication ? ((WApplication) root).getTitle() : null; Map<String, String> params = uic.getEnvironment().getHiddenParameters(); String target = params.get(WWindow.WWINDOW_REQUEST_PARAM_KEY); if (target != null) { ComponentWithContext targetComp = WebUtilities.getComponentById(target, true); if (targetComp != null && targetComp.getComponent() instanceof WWindow) { try { UIContextHolder.pushContext(targetComp.getContext()); title = ((WWindow) targetComp.getComponent()).getTitle(); } finally { UIContextHolder.popContext(); } } } return title == null ? "" : title; }
@Test public void testXssEscaping() throws IOException, SAXException, XpathException { MockWEnvironment environment = new MockWEnvironment(); environment.setPostPath("WApplicationRendererTest.postPath"); WApplication application = new WApplication(); UIContext uic = createUIContext(); uic.setEnvironment(environment); uic.setUI(application); setActiveContext(uic); application.setTitle(getMaliciousAttribute("ui:application")); assertSafeContent(application); uic.getEnvironment().getHiddenParameters().put(getMaliciousAttribute("ui:param"), "dummy"); uic.getEnvironment().getHiddenParameters().put("dummy", getMaliciousAttribute("ui:param")); assertSafeContent(application); }
Map<String, String> hiddenFields = uic.getEnvironment().getHiddenParameters();