Skip to content

Commit 821aa10

Browse files
lmarinilmarini
authored
Merge pull request #53 from clowder-framework/feature/html-welcome-message
Allow admins to use basic formatting in welcome message and sanitize output
2 parents 0c79a1b + 2d81ab0 commit 821aa10

File tree

5 files changed

+28
-4
lines changed

5 files changed

+28
-4
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
1010
- Datasets downloaded with Clowder now include DataCite v4 XML files in the output /metadata folder for interoperability purposes.
1111
- Script to clean extractors' tmp files.
1212
- Script for RabbitMQ error queue cleanup.
13+
- Ability to use basic html formatting in the welcome message on the home page. [#51](https://github.com/clowder-framework/clowder/issues/51)
1314

1415
### Changed
1516
- Improved simple test to report all day success.

app/controllers/Application.scala

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,19 @@
11
package controllers
22

33
import java.net.URL
4-
import javax.inject.{Inject, Singleton}
54

5+
import javax.inject.{Inject, Singleton}
66
import api.Permission
77
import api.Permission._
88
import play.api.{Logger, Play, Routes}
99
import play.api.mvc.Action
1010
import services._
1111
import models.{Event, UUID, User, UserStatus}
12+
import org.owasp.html.Sanitizers
1213
import play.api.Logger
1314
import play.api.libs.concurrent.Execution.Implicits._
1415
import play.api.Play.current
16+
import util.Formatters.sanitizeHTML
1517

1618
import scala.collection.immutable.List
1719
import scala.collection.mutable.ListBuffer
@@ -212,9 +214,11 @@ class Application @Inject() (files: FileService, collections: CollectionService,
212214
val spacesCount = spaces.count()
213215
val usersCount = users.count()
214216

217+
val sanitezedWelcomeText = sanitizeHTML(AppConfiguration.getWelcomeMessage)
218+
215219
Ok(views.html.index(datasetsCount, filesCount, filesBytes,
216220
collectionsCount, spacesCount, usersCount,
217-
AppConfiguration.getDisplayName, AppConfiguration.getWelcomeMessage))
221+
AppConfiguration.getDisplayName, sanitezedWelcomeText))
218222
}
219223
}
220224
}
@@ -233,8 +237,10 @@ class Application @Inject() (files: FileService, collections: CollectionService,
233237
val spacesCount = spaces.count()
234238
val usersCount = users.count()
235239

240+
val sanitezedWelcomeText = sanitizeHTML(AppConfiguration.getWelcomeMessage)
241+
236242
Ok(views.html.index(datasetsCount, filesCount, filesBytes, collectionsCount,
237-
spacesCount, usersCount, AppConfiguration.getDisplayName, AppConfiguration.getWelcomeMessage))
243+
spacesCount, usersCount, AppConfiguration.getDisplayName, sanitezedWelcomeText))
238244
}
239245

240246
def email(subject: String, body: String) = UserAction(needActive=false) { implicit request =>

app/util/Formatters.scala

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,9 @@ package util
33
import java.text.SimpleDateFormat
44
import java.util.Date
55

6+
import org.owasp.html.Sanitizers
7+
import services.AppConfiguration
8+
69
/**
710
* Formatters
811
*/
@@ -77,4 +80,15 @@ object Formatters {
7780
val formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSX")
7881
formatter.parse(date)
7982
}
83+
84+
/**
85+
* Sanitize text to safely output to web frontend. For example remove any kind of javascript snippets.
86+
* @param unsanitezedText user created text that has not been sanitized
87+
* @return text that has been sanitized
88+
*/
89+
def sanitizeHTML(unsanitezedText: String): String = {
90+
val policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS).and(Sanitizers.IMAGES).and(Sanitizers.BLOCKS).
91+
and(Sanitizers.STYLES).and(Sanitizers.TABLES)
92+
policy.sanitize(AppConfiguration.getWelcomeMessage)
93+
}
8094
}

app/views/index.scala.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
<div class="row featurette">
99
<div class="col-md-7">
1010
<h2 class="featurette-heading">Welcome to @displayedName</h2>
11-
<p class="lead">@welcomeMessage</p>
11+
<p class="lead">@Html(welcomeMessage)</p>
1212
</div>
1313
<div class="col-md-5" id="resources-panel-container">
1414
<div class="panel panel-default" id="resources-panel" data-clampedwidth=".col-md-5">

project/Build.scala

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,6 +72,9 @@ object ApplicationBuild extends Build {
7272

7373
val appDependencies = Seq(
7474
filters,
75+
76+
"com.googlecode.owasp-java-html-sanitizer" % "owasp-java-html-sanitizer" % "20180219.1",
77+
7578
// login
7679
"ws.securesocial" %% "securesocial" % "2.1.4" exclude("org.scala-stm", "scala-stm_2.10.0"),
7780
"com.unboundid" % "unboundid-ldapsdk" % "4.0.1",

0 commit comments

Comments
 (0)