From fc3a39d464b1303f0b7d01d0160f81cbbb80a98b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sun, 07 Sep 2014 11:42:40 -0400
Subject: [PATCH] Create infrastructure for XSS sanitization

---
 src/main/java/com/gitblit/wicket/GitBlitWebApp.java |   22 ++++++++++++++++++++++
 1 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/GitBlitWebApp.java b/src/main/java/com/gitblit/wicket/GitBlitWebApp.java
index 7291d03..6cf5f58 100644
--- a/src/main/java/com/gitblit/wicket/GitBlitWebApp.java
+++ b/src/main/java/com/gitblit/wicket/GitBlitWebApp.java
@@ -46,6 +46,7 @@
 import com.gitblit.manager.IUserManager;
 import com.gitblit.tickets.ITicketService;
 import com.gitblit.transport.ssh.IPublicKeyManager;
+import com.gitblit.utils.XssFilter;
 import com.gitblit.wicket.pages.ActivityPage;
 import com.gitblit.wicket.pages.BlamePage;
 import com.gitblit.wicket.pages.BlobDiffPage;
@@ -57,6 +58,7 @@
 import com.gitblit.wicket.pages.DocPage;
 import com.gitblit.wicket.pages.DocsPage;
 import com.gitblit.wicket.pages.EditMilestonePage;
+import com.gitblit.wicket.pages.EditRepositoryPage;
 import com.gitblit.wicket.pages.EditTicketPage;
 import com.gitblit.wicket.pages.ExportTicketPage;
 import com.gitblit.wicket.pages.FederationRegistrationPage;
@@ -71,6 +73,7 @@
 import com.gitblit.wicket.pages.MyDashboardPage;
 import com.gitblit.wicket.pages.MyTicketsPage;
 import com.gitblit.wicket.pages.NewMilestonePage;
+import com.gitblit.wicket.pages.NewRepositoryPage;
 import com.gitblit.wicket.pages.NewTicketPage;
 import com.gitblit.wicket.pages.OverviewPage;
 import com.gitblit.wicket.pages.PatchPage;
@@ -92,9 +95,13 @@
 
 	private final Class<? extends WebPage> homePageClass = MyDashboardPage.class;
 
+	private final Class<? extends WebPage> newRepositoryPageClass = NewRepositoryPage.class;
+
 	private final Map<String, CacheControl> cacheablePages = new HashMap<String, CacheControl>();
 
 	private final IStoredSettings settings;
+
+	private final XssFilter xssFilter;
 
 	private final IRuntimeManager runtimeManager;
 
@@ -130,6 +137,7 @@
 
 		super();
 		this.settings = runtimeManager.getSettings();
+		this.xssFilter = runtimeManager.getXssFilter();
 		this.runtimeManager = runtimeManager;
 		this.pluginManager = pluginManager;
 		this.notificationManager = notificationManager;
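Review bot: The added assignment `this.xssFilter = runtimeManager.getXssFilter();` stores whatever the runtime manager returns without checking it, and nothing in this patch shows that `getXssFilter()` can never return null. If it does, every caller of the new `xssFilter()` accessor either fails with a NullPointerException at render time or ends up guarding with a null check that silently skips sanitization. Failing at startup is safer: `this.xssFilter = Objects.requireNonNull(runtimeManager.getXssFilter(), "xssFilter");`. An explicit `if (xssFilter == null) throw new IllegalStateException(...)` works equally well if `java.util.Objects` is not already imported. The constructor begins and ends outside this hunk.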
@@ -207,6 +215,8 @@
 		mount("/proposal", ReviewProposalPage.class, "t");
 		mount("/registration", FederationRegistrationPage.class, "u", "n");
 
+		mount("/new", NewRepositoryPage.class);
+		mount("/edit", EditRepositoryPage.class, "r");
 		mount("/activity", ActivityPage.class, "r", "h");
 		mount("/lucene", LuceneSearchPage.class);
 		mount("/project", ProjectPage.class, "p");
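Review bot: The new `mount("/edit", EditRepositoryPage.class, "r");` exposes the repository name as a URL path parameter, which is request-controlled text, yet nothing in this patch shows that parameter passing through the filter the commit introduces. `EditRepositoryPage` is not part of the diff, so this may already be handled there. It is worth confirming that the page sanitizes or validates `r` before echoing it into markup or error messages. A short comment at the mount would record the expectation, for example `// "r" comes from the URL; pages must run it through xssFilter() before rendering`. The two mounts are also unrelated to the commit subject, so a line in the commit message explaining why they belong to the XSS work would help later readers. The enclosing method continues outside this hunk.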
@@ -262,6 +272,10 @@
 		return homePageClass;
 	}
 
+	public Class<? extends WebPage> getNewRepositoryPage() {
+		return newRepositoryPageClass;
+	}
+
 	/* (non-Javadoc)
 	 * @see com.gitblit.wicket.Webapp#isCacheablePage(java.lang.String)
 	 */
@@ -298,6 +312,14 @@
 	}
 
 	/* (non-Javadoc)
+	 * @see com.gitblit.wicket.Webapp#xssFilter()
+	 */
+	@Override
+	public XssFilter xssFilter() {
+		return xssFilter;
+	}
+
+	/* (non-Javadoc)
 	 * @see com.gitblit.wicket.Webapp#isDebugMode()
 	 */
 	@Override
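Review bot: The `/* (non-Javadoc) @see ... */` stub above `xssFilter()` leaves the accessor's contract undocumented, although this is the entry point pages will rely on for output sanitization. I would replace it with a real Javadoc that states which input is expected to go through the filter and whether the return value can be null, for example `/** Returns the application-wide XSS filter; request-derived text must pass through it before being rendered as HTML. */`. The null guarantee depends on how the constructor handles `runtimeManager.getXssFilter()`, so state it only once that is enforced.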

--
Gitblit v1.9.1