diff --git a/java/demo/pom.xml b/java/demo/pom.xml index 53f0f4f57..b402559c2 100644 --- a/java/demo/pom.xml +++ b/java/demo/pom.xml @@ -40,6 +40,11 @@ commons-fileupload 1.2 + + commons-lang + commons-lang + 2.6 + com.googlecode.libphonenumber libphonenumber diff --git a/java/demo/src/com/google/phonenumbers/PhoneNumberParserServlet.java b/java/demo/src/com/google/phonenumbers/PhoneNumberParserServlet.java index d34d476f9..e6eb43711 100644 --- a/java/demo/src/com/google/phonenumbers/PhoneNumberParserServlet.java +++ b/java/demo/src/com/google/phonenumbers/PhoneNumberParserServlet.java @@ -18,6 +18,8 @@ package com.google.phonenumbers; +import static java.nio.charset.StandardCharsets.UTF_8; + import com.google.i18n.phonenumbers.AsYouTypeFormatter; import com.google.i18n.phonenumbers.NumberParseException; import com.google.i18n.phonenumbers.PhoneNumberToCarrierMapper; @@ -35,6 +37,7 @@ import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.apache.commons.fileupload.util.Streams; import org.apache.commons.io.IOUtils; +import org.apache.commons.lang.StringEscapeUtils; import java.io.IOException; import java.io.InputStream; @@ -71,7 +74,7 @@ public class PhoneNumberParserServlet extends HttpServlet { if (item.isFormField()) { String fieldName = item.getFieldName(); if (fieldName.equals("phoneNumber")) { - phoneNumber = Streams.asString(in, "UTF-8"); + phoneNumber = Streams.asString(in, UTF_8.name()); } else if (fieldName.equals("defaultCountry")) { defaultCountry = Streams.asString(in).toUpperCase(); } else if (fieldName.equals("languageCode")) { 
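Review bot: `commons-lang` 2.6 is the last release of the legacy 2.x line, so the escaping this commit relies on comes from a library that no longer receives fixes. Its `StringEscapeUtils.escapeHtml` encodes `&`, `<`, `>` and `"` but leaves the apostrophe alone, which is adequate only for element text and double-quoted attribute values. If the demo ever places a value in a single-quoted attribute, a script block or a URL, a context-aware encoder (for example the OWASP Java Encoder's `Encode.forHtml` / `Encode.forHtmlAttribute`) would be the safer dependency to add here.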
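Review bot: Only the `phoneNumber` field is decoded with an explicit charset in the `@@ -71,7 +74,7 @@` hunk; the `defaultCountry` branch on the next context line still calls `Streams.asString(in)` with no encoding and then a locale-sensitive `toUpperCase()`. For consistency use `Streams.asString(in, UTF_8.name()).toUpperCase(Locale.ROOT)` there (this needs `java.util.Locale` imported if it is not already), so region codes do not change under, for example, a Turkish default locale. The `languageCode` branch is cut off by the hunk and should be checked the same way.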
@@ -95,26 +98,14 @@ public class PhoneNumberParserServlet extends HttpServlet { } StringBuilder output; + resp.setContentType("text/html"); + resp.setCharacterEncoding(UTF_8.name()); if (fileContents.length() == 0) { - output = getOutputForSingleNumber(phoneNumber, defaultCountry, languageCode, regionCode); - resp.setContentType("text/html"); - resp.setCharacterEncoding("UTF-8"); - resp.getWriter().println(""); - resp.getWriter().println( - ""); - resp.getWriter().println(""); - resp.getWriter().println(""); - resp.getWriter().println("Phone Number entered: " + phoneNumber + "
"); - resp.getWriter().println("defaultCountry entered: " + defaultCountry + "
"); resp.getWriter().println( - "Language entered: " + languageCode + - (regionCode.length() == 0 ? "" : " (" + regionCode + ")" + "
")); + getOutputForSingleNumber(phoneNumber, defaultCountry, languageCode, regionCode)); } else { - output = getOutputForFile(defaultCountry, fileContents); - resp.setContentType("text/html"); + resp.getWriter().println(getOutputForFile(defaultCountry, fileContents)); } - resp.getWriter().println(output); - resp.getWriter().println(""); } private StringBuilder getOutputForFile(String defaultCountry, String fileContents) { @@ -134,7 +125,8 @@ public class PhoneNumberParserServlet extends HttpServlet { phoneNumberId++; output.append(""); output.append("").append(phoneNumberId).append(" \n"); - output.append("").append(numberStr).append(" \n"); + output.append("").append( + StringEscapeUtils.escapeHtml(numberStr)).append(" \n"); try { PhoneNumber number = phoneUtil.parseAndKeepRawInput(numberStr, defaultCountry); boolean isNumberValid = phoneUtil.isValidNumber(number); @@ -145,10 +137,13 @@ public class PhoneNumberParserServlet extends HttpServlet { ? phoneUtil.format(number, PhoneNumberFormat.INTERNATIONAL) : "invalid"; - output.append("").append(prettyFormat).append(" \n"); - output.append("").append(internationalFormat).append(" \n"); + output.append("").append( + StringEscapeUtils.escapeHtml(prettyFormat)).append(" \n"); + output.append("").append( + StringEscapeUtils.escapeHtml(internationalFormat)).append(" \n"); } catch (NumberParseException e) { - output.append("").append(e.toString()).append(" \n"); + output.append("").append( + StringEscapeUtils.escapeHtml(e.toString())).append(" \n"); } output.append(""); } @@ -171,6 +166,17 @@ public class PhoneNumberParserServlet extends HttpServlet { private StringBuilder getOutputForSingleNumber( String phoneNumber, String defaultCountry, String languageCode, String regionCode) { StringBuilder output = new StringBuilder(); + output.append(""); + output.append( + ""); + output.append(""); + output.append(""); + output.append("Phone Number entered: " + StringEscapeUtils.escapeHtml(phoneNumber) + "
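Review bot: The context line `StringBuilder output;` is left behind as an unused local in the `@@ -95,26 +98,14 @@` hunk, since both assignments and the final `println(output)` are removed; delete it. Hoisting `setContentType` and `setCharacterEncoding` above the branch is a real improvement, because the file-upload branch previously set no character encoding. The trailing `println` is also dropped for that branch, and only `getOutputForSingleNumber` gains a closing append later in the diff, so confirm that `getOutputForFile` closes its own document. A one-line comment such as `// Both helpers return a complete HTML document; values are escaped inside them.` would record the new contract. The enclosing method starts above the hunk.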
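Review bot: `StringEscapeUtils.escapeHtml(e.toString())` in the catch branch of the `@@ -145,10 +137,13 @@` hunk makes the exception text safe to render, but it still sends the exception's own string form to the client, and the `@@ -320,8 +326,9 @@` hunk does the same. Prefer a value the servlet controls, e.g. `output.append(StringEscapeUtils.escapeHtml(e.getErrorType().name()))`, so the page does not depend on how `NumberParseException` formats itself or on whether its message ever carries caller input. The try block begins in the hunk but the loop around it continues outside.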
"); + output.append("defaultCountry entered: " + StringEscapeUtils.escapeHtml(defaultCountry) + + "
"); + output.append("Language entered: " + StringEscapeUtils.escapeHtml(languageCode) + + (regionCode.isEmpty() ? "" : " (" + StringEscapeUtils.escapeHtml(regionCode) + ")") + + "
"); try { PhoneNumber number = phoneUtil.parseAndKeepRawInput(phoneNumber, defaultCountry); output.append("
"); @@ -320,8 +326,9 @@ public class PhoneNumberParserServlet extends HttpServlet { } } } catch (NumberParseException e) { - output.append(e.toString()); + output.append(StringEscapeUtils.escapeHtml(e.toString())); } + output.append(""); return output; } }
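Review bot: Only the echoed header fields (the `@@ -171,6 +166,17 @@` hunk) and the catch branch of `getOutputForSingleNumber` gain escaping; the method body between the two hunks is not shown. Any value appended there that derives from `phoneNumber` (raw input or, if it is used, as-you-type formatter output) needs the same `escapeHtml` call. Since every call site has to remember this, a short Javadoc on the method would help the next editor, stating that it returns a complete HTML document and that all interpolated values must be HTML-escaped. As a style point, the new lines concatenate strings inside `output.append(...)`; chaining, e.g. `output.append("Phone Number entered: ").append(StringEscapeUtils.escapeHtml(phoneNumber))`, would match the `getOutputForFile` hunks.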