diff --git a/uberfire-rest/uberfire-rest-backend/src/main/java/org/guvnor/rest/backend/ProjectResource.java b/uberfire-rest/uberfire-rest-backend/src/main/java/org/guvnor/rest/backend/ProjectResource.java
index 50229e8e1e..e7ace11262 100644
--- a/uberfire-rest/uberfire-rest-backend/src/main/java/org/guvnor/rest/backend/ProjectResource.java
+++ b/uberfire-rest/uberfire-rest-backend/src/main/java/org/guvnor/rest/backend/ProjectResource.java
@@ -374,7 +374,7 @@ public Response addBranch(@PathParam("spaceName") String spaceName,
 jobRequest.setJobId(id);
 jobRequest.setSpaceName(spaceName);
 jobRequest.setProjectName(projectName);
- jobRequest.setNewBranchName(StringEscapeUtils.escapeHtml4(addBranchRequest.getNewBranchName()));
+ jobRequest.setNewBranchName(escapeHtmlInput(addBranchRequest.getNewBranchName()));
 jobRequest.setBaseBranchName(addBranchRequest.getBaseBranchName());
 jobRequest.setUserIdentifier(sessionInfo.getIdentity().getIdentifier());
 addAcceptedJobResult(id);
@@ -455,6 +455,16 @@ private ProjectResponse getProjectResponse(WorkspaceProject workspaceProject) {
 return projectResponse;
 }
+ private String escapeHtmlInput(String input) {
+ if (input != null) {
+ String escapedInput = StringEscapeUtils.escapeHtml4(input);
+ escapedInput = escapedInput.replace("'", "");
+ return escapedInput;
+ } else {
+ return null;
+ }
+ }
+
 @POST
 @Produces(MediaType.APPLICATION_JSON)
 @Path("/spaces/{spaceName}/projects/{projectName}/maven/compile")
@@ -685,7 +695,7 @@ public Response createSpace(Space space) {
 jobRequest.setJobId(id);
 jobRequest.setSpaceName(space.getName());
 jobRequest.setDescription(space.getDescription());
- jobRequest.setOwner(StringEscapeUtils.escapeHtml4(space.getOwner()));
+ jobRequest.setOwner(escapeHtmlInput(space.getOwner()));
 jobRequest.setDefaultGroupId(space.getDefaultGroupId());
 addAcceptedJobResult(id);
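Review bot: Only one field per request goes through the new sanitizer: in this addBranch hunk `setBaseBranchName(addBranchRequest.getBaseBranchName())` on the following line still takes the request value as-is, and the createSpace and updateSpace hunks do the same for `setSpaceName(space.getName())` and `setDescription(space.getDescription())`. If any of those values is rendered in the same views as the branch name or owner (not visible from this diff), the markup-injection exposure this change appears to address remains for them. Free-text fields such as the description could use the same helper, e.g. `jobRequest.setDescription(escapeHtmlInput(space.getDescription()));`, while names that must match an existing branch or space are better validated against an allow-list and rejected with a 400 than rewritten. All three method bodies continue outside their hunks, so some validation may already happen there.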
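Review bot: `escapeHtmlInput` silently deletes apostrophes instead of encoding or rejecting them, so an owner or branch name such as `O'Brien` is stored as `OBrien` and may no longer match the identity or ref the caller meant. `escapeHtml4` leaves `'` untouched, so the extra `replace` suggests the value ends up in a single-quoted attribute or script context; that is more robustly handled by encoding for that context where the value is rendered, with the stored value kept as submitted. At minimum the helper needs a Javadoc stating that it returns null for null input, HTML4-escapes the value and then removes every `'`, and naming the sink it is meant to protect. Since `escapeContributorsNames` in OrganizationalUnitServiceImpl repeats the same two steps, the logic would be better placed in one shared utility.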
@@ -710,7 +720,7 @@ public Response updateSpace(Space space) {
 jobRequest.setJobId(id);
 jobRequest.setSpaceName(space.getName());
 jobRequest.setDescription(space.getDescription());
- jobRequest.setOwner(StringEscapeUtils.escapeHtml4(space.getOwner()));
+ jobRequest.setOwner(escapeHtmlInput(space.getOwner()));
 jobRequest.setDefaultGroupId(space.getDefaultGroupId());
 addAcceptedJobResult(id);
diff --git a/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java b/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java
index 204bb138dc..8728cbfee9 100644
--- a/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java
+++ b/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java
@@ -625,6 +625,7 @@ private Collection escapeContributorsNames(Collection
 Collection escapedContributors = new ArrayList<>();
 contributors.forEach((contributor -> {
 String escapedName = StringEscapeUtils.escapeHtml4(contributor.getUsername());
+ escapedName = escapedName.replace("'", "");
 escapedContributors.add(new Contributor(escapedName, contributor.getType()));
 }));
 return escapedContributors;
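Review bot: The added `escapedName = escapedName.replace("'", "");` dereferences the result of `escapeHtml4`, which is null when `contributor.getUsername()` is null, so a contributor without a username now raises a NullPointerException inside the `forEach` where the previous code passed null through. `escapeHtmlInput` in ProjectResource guards this case; the same guard is needed here, for example `escapedName = escapedName == null ? null : escapedName.replace("'", "");`. Whether a Contributor can reach this method with a null username is not visible in the hunk, whose enclosing method starts above it.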