authorAnton Tananaev <anton@traccar.org>2024-06-01 13:44:30 -0700
committerAnton Tananaev <anton@traccar.org>2024-06-01 13:44:30 -0700
commitd83502ac2885c64a9d65a17e1573dedc9b0680d4 (patch)
tree85291a4babc47c4c3e0406ee6340e417e84f2a09
parent20983b9549388f02c609fb91db82f171b0c4efee (diff)
downloadtrackermap-server-d83502ac2885c64a9d65a17e1573dedc9b0680d4.tar.gz
trackermap-server-d83502ac2885c64a9d65a17e1573dedc9b0680d4.tar.bz2
trackermap-server-d83502ac2885c64a9d65a17e1573dedc9b0680d4.zip
Remove sanitization option
-rw-r--r--build.gradle1
-rw-r--r--src/main/java/org/traccar/MainModule.java6
-rw-r--r--src/main/java/org/traccar/config/Keys.java8
-rw-r--r--src/main/java/org/traccar/helper/SanitizerModule.java45
4 files changed, 1 insertions, 59 deletions
diff --git a/build.gradle b/build.gradle
index 77fe9ec36..c24e25843 100644
--- a/build.gradle
+++ b/build.gradle
@@ -53,7 +53,6 @@ dependencies {
implementation "org.slf4j:slf4j-jdk14:2.0.12"
implementation "com.google.inject:guice:$guiceVersion"
implementation "com.google.inject.extensions:guice-servlet:$guiceVersion"
- implementation "org.owasp.encoder:encoder:1.2.3"
implementation "org.glassfish:jakarta.json:2.0.1"
implementation "com.sun.mail:jakarta.mail:2.0.1"
implementation "org.eclipse.jetty:jetty-server:$jettyVersion"
diff --git a/src/main/java/org/traccar/MainModule.java b/src/main/java/org/traccar/MainModule.java
index 89d3d2fe0..66238ab44 100644
--- a/src/main/java/org/traccar/MainModule.java
+++ b/src/main/java/org/traccar/MainModule.java
@@ -79,7 +79,6 @@ import org.traccar.handler.GeolocationHandler;
import org.traccar.handler.SpeedLimitHandler;
import org.traccar.handler.TimeHandler;
import org.traccar.helper.ObjectMapperContextResolver;
-import org.traccar.helper.SanitizerModule;
import org.traccar.helper.WebHelper;
import org.traccar.mail.LogMailManager;
import org.traccar.mail.MailManager;
@@ -132,11 +131,8 @@ public class MainModule extends AbstractModule {
@Singleton
@Provides
- public static ObjectMapper provideObjectMapper(Config config) {
+ public static ObjectMapper provideObjectMapper() {
ObjectMapper objectMapper = new ObjectMapper();
- if (config.getBoolean(Keys.WEB_SANITIZE)) {
- objectMapper.registerModule(new SanitizerModule());
- }
objectMapper.registerModule(new JSONPModule());
objectMapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
return objectMapper;
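Review bot: With the `WEB_SANITIZE` branch gone, `provideObjectMapper()` writes every String as-is, so a deployment that had `web.sanitize` enabled loses HTML encoding of API output on upgrade with no signal, since the key is also dropped from Keys.java. The removed Javadoc says the option existed to fix XSS in the old web interface, so an installation still serving that interface, or any client that writes API strings into markup, now relies entirely on escaping at the point of rendering. I would record that contract on the provider, for example `// Strings are serialized unencoded; consumers must escape them for their own output context.`, and mention the removed key in the upgrade notes so operators can check their configuration. The method's closing brace lies outside this hunk.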
diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java
index 5d9a43c01..91d5dac5d 100644
--- a/src/main/java/org/traccar/config/Keys.java
+++ b/src/main/java/org/traccar/config/Keys.java
@@ -775,14 +775,6 @@ public final class Keys {
600);
/**
- * Sanitize all strings returned via API. This is needed to fix XSS issues in the old web interface. New React-based
- * interface doesn't require this.
- */
- public static final ConfigKey<Boolean> WEB_SANITIZE = new BooleanConfigKey(
- "web.sanitize",
- List.of(KeyType.CONFIG));
-
- /**
* Path to the web app folder.
*/
public static final ConfigKey<String> WEB_PATH = new StringConfigKey(
diff --git a/src/main/java/org/traccar/helper/SanitizerModule.java b/src/main/java/org/traccar/helper/SanitizerModule.java
deleted file mode 100644
index af9ac5c2b..000000000
--- a/src/main/java/org/traccar/helper/SanitizerModule.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2018 Anton Tananaev (anton@traccar.org)
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.traccar.helper;
-
-import com.fasterxml.jackson.core.JsonGenerator;
-import com.fasterxml.jackson.databind.SerializerProvider;
-import com.fasterxml.jackson.databind.module.SimpleModule;
-import com.fasterxml.jackson.databind.ser.std.StdSerializer;
-import org.owasp.encoder.Encode;
-
-import java.io.IOException;
-
-public class SanitizerModule extends SimpleModule {
-
- public static class SanitizerSerializer extends StdSerializer<String> {
-
- protected SanitizerSerializer() {
- super(String.class);
- }
-
- @Override
- public void serialize(String value, JsonGenerator gen, SerializerProvider provider) throws IOException {
- gen.writeString(Encode.forHtml(value));
- }
-
- }
-
- public SanitizerModule() {
- addSerializer(new SanitizerSerializer());
- }
-
-}