Commit 8c618a65 authored by Sergey Shepelevich's avatar Sergey Shepelevich

CMS-11040 [Backport 11.2] Improvement on validation of svg images

(cherry picked from commit 72f67873)
parent 293daa19
......@@ -26,6 +26,7 @@ import javax.jcr.Node;
import javax.jcr.RepositoryException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.wicket.Component;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
......@@ -143,7 +144,7 @@ public class GalleryWorkflowPlugin extends CompatibilityWorkflowPlugin<GalleryWo
.getAsBoolean(SVG_SCRIPTS_ENABLED, false);
if (!svgScriptsEnabled && Objects.equals(mimeType, SVG_MIME_TYPE)) {
final String svgContent = IOUtils.toString(is, "UTF-8");
if (svgContent.contains("<script")) {
if (StringUtils.containsIgnoreCase(svgContent, "<script")) {
throw new SvgScriptGalleryException("SVG images with embedded script are not supported.");
}
is.reset();
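Review bot: The new `StringUtils.containsIgnoreCase(svgContent, "<script")` check is still a substring deny-list on text decoded as UTF-8, so it only recognises the literal element spelling. Script in an SVG can also be carried by event-handler attributes, by a namespace-prefixed script element, or by a file whose XML declaration names another encoding, and this line matches none of those. A sturdier validation would parse the upload with an XML parser that has DTDs and external entities disabled and reject on element local name and `on*` attributes, with the gallery also serving SVG under a restrictive `Content-Security-Policy`. If the substring check stays, state its limit next to it: `// Deny-list: only matches a literal "<script" in UTF-8 text; not a full SVG sanitiser.` The stream is also read fully into memory before `is.reset()`, which presumably relies on a mark and an upload size limit set outside this hunk; the enclosing method starts and ends outside the hunk.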
......