Fixed escaping in snippets (HTML and brackets)
Change-Id: I51b4b44998e6bfb0750e716c82d57ea5a820c741
diff --git a/src/main/java/de/ids_mannheim/korap/response/match/HighlightCombinatorElement.java b/src/main/java/de/ids_mannheim/korap/response/match/HighlightCombinatorElement.java
index 55837b8..42f1c08 100644
--- a/src/main/java/de/ids_mannheim/korap/response/match/HighlightCombinatorElement.java
+++ b/src/main/java/de/ids_mannheim/korap/response/match/HighlightCombinatorElement.java
@@ -58,7 +58,7 @@
else if (this.number < -1) {
sb.append("<span xml:id=\"")
- .append(match.getPosID(match.getClassID(this.number)))
+ .append(escapeHTML(match.getPosID(match.getClassID(this.number))))
.append("\">");
}
@@ -66,14 +66,14 @@
sb.append("<span ");
if (this.number < 2048) {
sb.append("title=\"")
- .append(match.getAnnotationID(this.number))
+ .append(escapeHTML(match.getAnnotationID(this.number)))
.append('"');
}
else {
Relation rel = match.getRelationID(this.number);
- sb.append("xlink:title=\"").append(rel.annotation)
+ sb.append("xlink:title=\"").append(escapeHTML(rel.annotation))
.append("\" xlink:type=\"simple\" xlink:href=\"#")
- .append(match.getPosID(rel.ref)).append('"');
+ .append(escapeHTML(match.getPosID(rel.ref))).append('"');
};
sb.append('>');
}
@@ -146,6 +146,7 @@
else if (this.number != 0)
sb.append(this.number).append(':');
};
+
return sb.toString();
}
else if (this.type == 2) {
@@ -153,6 +154,6 @@
return "]";
return "}";
};
- return this.characters;
+ return escapeBrackets(this.characters);
};
};