diff --git a/riskified-sample/src/main/java/com/riskified/samples/notificationServer/servlet/NotificationServlet.java b/riskified-sample/src/main/java/com/riskified/samples/notificationServer/servlet/NotificationServlet.java
index b1f9dcd..021d603 100644
--- a/riskified-sample/src/main/java/com/riskified/samples/notificationServer/servlet/NotificationServlet.java
+++ b/riskified-sample/src/main/java/com/riskified/samples/notificationServer/servlet/NotificationServlet.java
@@ -19,16 +19,26 @@ public NotificationServlet(String authKey) throws RiskifiedError {
         formatter = new NotificationHandler(authKey);
     }
 
+    private static String escapeHtml(String input) {
+        if (input == null) {
+            return "";
+        }
+        return input
+            .replace("&", "&")
+            .replace("<", "<")
+            .replace(">", ">");
+    }
+
     protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         PrintWriter out = resp.getWriter();
         try {
             NotificationOrder notification = formatter.parseServletPostRequest(req).getOrder();
             System.out.println("got notification for id: '" + notification.getId() + "' with status: '" + notification.getStatus() +"' ");
-            out.println("Merchant Received Notification For Order " + notification.getId()
-                    + " with status " + notification.getStatus() + " and description " + notification.getDescription()
-                    + " and app_dom_id " + notification.getCustom().getAppDomId()
-                    + " Old Status was " + notification.getOldStatus()
+            out.println("Merchant Received Notification For Order " + escapeHtml(notification.getId())
+                    + " with status " + escapeHtml(notification.getStatus()) + " and description " + escapeHtml(notification.getDescription())
+                    + " and app_dom_id " + escapeHtml(notification.getCustom().getAppDomId())
+                    + " Old Status was " + escapeHtml(notification.getOldStatus())
                     + "");
         } catch (Exception e) {
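Review bot: As the hunk shows it, escapeHtml is a no-op — each `.replace` maps a character to itself (`"&"` → `"&"`, `"<"` → `"<"`, `">"` → `">"`), so apart from turning null into "" the notification fields (id, status, description, app_dom_id, old status) still reach out.println unencoded and the change does not actually neutralise markup in the response body. If the entity names were stripped when this diff was rendered, check the committed file; otherwise the three lines should read `.replace("&", "&amp;")`, `.replace("<", "&lt;")`, `.replace(">", "&gt;")`, with the ampersand replaced first so the `&` introduced by the later two is not itself re-encoded. The identical helper in the HTTPPOSTServer.java hunk below has the same defect and could be shared rather than duplicated. Entity escaping only protects an HTML response, and neither hunk shows the content type that resp or sendResponse emits, so confirm it is text/html (for a plain-text body the escaping is harmless but does nothing). doPost continues past the end of this hunk.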
diff --git a/riskified-sample/src/main/java/com/riskified/samples/notificationServer/socket/HTTPPOSTServer.java b/riskified-sample/src/main/java/com/riskified/samples/notificationServer/socket/HTTPPOSTServer.java
index 2d39b12..37a78df 100644
--- a/riskified-sample/src/main/java/com/riskified/samples/notificationServer/socket/HTTPPOSTServer.java
+++ b/riskified-sample/src/main/java/com/riskified/samples/notificationServer/socket/HTTPPOSTServer.java
@@ -63,9 +63,9 @@ public void run() {
             }
             NotificationHandler formatter = new NotificationHandler("26faa0eb6eacf889e300944c297640b68789b11c");
             NotificationOrder notification = formatter.toObject(body, hash).getOrder();
-            sendResponse(200, "Merchant Received Notification For Order " + notification.getId()
-                    + " with status " + notification.getStatus() + " and description " + notification.getDescription()
-                    + " Old Status was " + notification.getOldStatus()
+            sendResponse(200, "Merchant Received Notification For Order " + escapeHtml(notification.getId())
+                    + " with status " + escapeHtml(notification.getStatus()) + " and description " + escapeHtml(notification.getDescription())
+                    + " Old Status was " + escapeHtml(notification.getOldStatus())
                     + "");
         }
 
@@ -77,6 +77,16 @@ public void run() {
     }
 
+    private static String escapeHtml(String input) {
+        if (input == null) {
+            return "";
+        }
+        return input
+            .replace("&", "&")
+            .replace("<", "<")
+            .replace(">", ">");
+    }
+
     public void sendResponse(int statusCode, String responseString) {
         String statusLine = null;