limit callback to only used values (#3896)
Co-authored-by: Georgy Litvinov <[email protected]>
litvinovg and litvinovg authored Jun 23, 2023
1 parent b4e7b1a commit b049158
Showing 1 changed file with 8 additions and 2 deletions.
Expand Up @@ -31,12 +31,18 @@
import edu.cornell.mannlib.vitro.webapp.visualization.visutils.VisualizationRequestHandler;
import org.apache.commons.logging.Log;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class CapabilityMapRequestHandler implements VisualizationRequestHandler {

private static final String IPRET_FULL_RESULTS = "ipretFullResults";
private static final String IPRET_RESULTS = "ipretResults";
private static Set<String> callbackValues = new HashSet<String>(Arrays.asList(IPRET_FULL_RESULTS, IPRET_RESULTS));

@Override
public AuthorizationRequest getRequiredPrivileges() {
return null;
Expand Down Expand Up @@ -109,7 +115,7 @@ public Object generateAjaxVisualization(VitroRequest vitroRequest, Log log, Data
ObjectMapper mapper = new ObjectMapper();

String callback = vitroRequest.getParameter("callback");
if (!StringUtils.isEmpty(callback)) {
if (!StringUtils.isEmpty(callback) && callbackValues.contains(callback)) {
return callback + "(" + mapper.writeValueAsString(response) + ");";
}
return mapper.writeValueAsString(response);
Expand Down Expand Up @@ -162,7 +168,7 @@ public Object generateAjaxVisualization(VitroRequest vitroRequest, Log log, Data

ObjectMapper mapper = new ObjectMapper();
String callback = vitroRequest.getParameter("callback");
if (!StringUtils.isEmpty(callback)) {
if (!StringUtils.isEmpty(callback) && callbackValues.contains(callback)) {
return callback + "(" + mapper.writeValueAsString(response) + ");";
}
return mapper.writeValueAsString(response);
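Review bot: The allow-list that now gates the reflected callback in the two later hunks is declared in the first hunk as a non-final, mutable `HashSet`, so any code in the class can still widen what gets echoed verbatim into the script response; declare it `private static final Set<String> CALLBACK_VALUES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(IPRET_FULL_RESULTS, IPRET_RESULTS)));` (adding the `java.util.Collections` import). The `!StringUtils.isEmpty(callback)` half of the new condition is now redundant, since an empty string is never a member of the set, and the identical condition appears in both later hunks, so a small private helper such as `isAllowedCallback(String)` would keep the two copies from drifting. A one-line comment on the field would tell the next maintainer why the list exists: `// Callback names are reflected verbatim into the response body, so only these known values are accepted.` Both later hunks sit inside generateAjaxVisualization bodies that start and end outside the shown lines, so whether the rejected-callback path logs anything cannot be seen here.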