diff --git a/SoObjects/SOGo/NSString+Utilities.h b/SoObjects/SOGo/NSString+Utilities.h
index f276b9687..2164b2bd3 100644
--- a/SoObjects/SOGo/NSString+Utilities.h
+++ b/SoObjects/SOGo/NSString+Utilities.h
@@ -22,11 +22,11 @@
 #define NSSTRING_URL_H
 #import
+#import
 @class NSCharacterSet;
 @class NSDictionary;
 @class NSObject;
-@class NSRegularExpression;
 @interface NSString (SOGoURLExtension)
diff --git a/SoObjects/SOGo/NSString+Utilities.m b/SoObjects/SOGo/NSString+Utilities.m
index 62a0b367d..03fb06caa 100644
--- a/SoObjects/SOGo/NSString+Utilities.m
+++ b/SoObjects/SOGo/NSString+Utilities.m
@@ -946,7 +946,7 @@ static int cssEscapingCount;
 result = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@""];
 // Remove vbscript:
- regex = [NSRegularExpression regularExpressionWithPattern:@"v[\\s\\u200B \\\\0]*b[\\s\\u200B \\\\0]*s[\\s\\u200B \\\\0]*r[\\s\\u200B \\\\0]*i[\\s\\u200B \\\\0]*p[\\s\\u200B \\\\0]*t[\\s\\u200B \\\\0]*:"
+ regex = [NSRegularExpression regularExpressionWithPattern:@"v[\\s\\u200B \\\\0]*b[\\s\\u200B \\\\0]*s[\\s\\u200B \\\\0]*c[\\s\\u200B \\\\0]*r[\\s\\u200B \\\\0]*i[\\s\\u200B \\\\0]*p[\\s\\u200B \\\\0]*t[\\s\\u200B \\\\0]*:"
 options: NSRegularExpressionCaseInsensitive error:&error];
 result = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@""];
diff --git a/Tests/Unit/TestNSString+Utilities.m b/Tests/Unit/TestNSString+Utilities.m
index 5dbe0cd9e..32e86de74 100644
--- a/Tests/Unit/TestNSString+Utilities.m
+++ b/Tests/Unit/TestNSString+Utilities.m
@@ -96,4 +96,19 @@
 testEquals(result, @"kill me");
 }
+
+- (void) test_stringWithoutHTMLInjection
+{
+ testEquals([[NSString stringWithString:@"foobar"] stringWithoutHTMLInjection: YES], @" foo bar");
+ testEquals([[NSString stringWithString:@"fb "] stringWithoutHTMLInjection: YES], @"fb ");
+ testEquals([[NSString stringWithString:@"Test\n
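Review bot: The `vbscript:` removal in the NSString+Utilities.m hunk still calls `stringByReplacingMatchesInString:` exactly once, so deleting a match can join the text on either side of it into a new match that survives in the output. Consider repeating the replacement until nothing matches, for example by wrapping the existing replacement line in `while ([regex numberOfMatchesInString: result options: 0 range: NSMakeRange(0, [result length])] > 0)`, and pin that behaviour with a unit test whose input nests the scheme name inside itself. The `error` out-parameter is also not inspected in the visible lines, so if the pattern ever fails to compile, `regex` would be nil and `result` would presumably be overwritten with nil without any log entry. The enclosing method starts and ends outside the hunk, so a later pass there may already cover either point.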