/*
* Copyright (C) 2013-2017 NTT DATA Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific language
* governing permissions and limitations under the License.
*/
package org.terasoluna.gfw.functionaltest.app.el;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.joda.time.DateTime;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageImpl;
import org.springframework.data.domain.Pageable;
import org.springframework.data.web.PageableDefault;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.terasoluna.gfw.functionaltest.domain.repository.customer.CustomerSearchCriteria;
/**
 * Controller mapped under {@code el} that selects views and fills the model for
 * them. The package name marks it as part of a functional-test application.
 *
 * <p>NOTE(review): every handler that accepts request data stores it in the
 * model unmodified. No encoding happens in this class, so any HTML, URL or
 * JavaScript escaping has to be applied by the views, which are not visible
 * here. Keep that in mind before reusing any of these handlers elsewhere.
 */
@Controller
@RequestMapping(value = "el")
public class ElController {

    /**
     * Supplies an empty search-criteria form object to the model of every
     * request handled by this controller.
     *
     * @return a newly created {@link CustomerSearchCriteria}
     */
    @ModelAttribute
    public CustomerSearchCriteria setUpForm() {
        return new CustomerSearchCriteria();
    }

    /**
     * Shows the index view.
     *
     * @return the view name {@code el/index}
     */
    @RequestMapping(method = RequestMethod.GET)
    public String index() {
        return "el/index";
    }

    /**
     * Shows the view used for the XSS-measures case, without model data.
     *
     * @return the view name {@code el/xssOutput}
     */
    @RequestMapping(value = "1", method = RequestMethod.GET)
    public String xSSMeasures() {
        return "el/xssOutput";
    }

    /**
     * Passes the submitted {@code outputData} parameter to the XSS-measures view.
     *
     * @param outputData raw request parameter, stored without validation or encoding
     * @param model model that receives the {@code outputData} attribute
     * @return the view name {@code el/xssOutput}
     */
    @RequestMapping(value = "output_01", method = RequestMethod.POST)
    public String xSSMeasures_InputData(
            @RequestParam("outputData") String outputData, Model model) {
        return forwardOutputData(outputData, model, "el/xssOutput");
    }

    /**
     * Shows the view used for the URL-encoding case, without model data.
     *
     * @return the view name {@code el/urlOutput}
     */
    @RequestMapping(value = "2", method = RequestMethod.GET)
    public String urlEncoding() {
        return "el/urlOutput";
    }

    /**
     * Passes the submitted {@code outputData} parameter to the URL-encoding view.
     *
     * @param outputData raw request parameter, stored without validation or encoding
     * @param model model that receives the {@code outputData} attribute
     * @return the view name {@code el/urlOutput}
     */
    @RequestMapping(value = "output_02", method = RequestMethod.POST)
    public String urlEncoding_InputData(
            @RequestParam("outputData") String outputData, Model model) {
        return forwardOutputData(outputData, model, "el/urlOutput");
    }

    /**
     * Shows the view used for the new-line case, without model data.
     *
     * @return the view name {@code el/newLineOutput}
     */
    @RequestMapping(value = "3", method = RequestMethod.GET)
    public String newLine() {
        return "el/newLineOutput";
    }

    /**
     * Passes the submitted {@code outputData} parameter to the new-line view.
     *
     * @param outputData raw request parameter, stored without validation or encoding
     * @param model model that receives the {@code outputData} attribute
     * @return the view name {@code el/newLineOutput}
     */
    @RequestMapping(value = "output_03", method = RequestMethod.POST)
    public String newLine_InputData(
            @RequestParam("outputData") String outputData, Model model) {
        return forwardOutputData(outputData, model, "el/newLineOutput");
    }

    /**
     * Shows the view used for the cut-string case, without model data.
     *
     * @return the view name {@code el/cutOutput}
     */
    @RequestMapping(value = "4", method = RequestMethod.GET)
    public String cutString() {
        return "el/cutOutput";
    }

    /**
     * Passes the submitted {@code outputData} parameter to the cut-string view.
     *
     * @param outputData raw request parameter, stored without validation or encoding
     * @param model model that receives the {@code outputData} attribute
     * @return the view name {@code el/cutOutput}
     */
    @RequestMapping(value = "output_04", method = RequestMethod.POST)
    public String cutString_InputData(
            @RequestParam("outputData") String outputData, Model model) {
        return forwardOutputData(outputData, model, "el/cutOutput");
    }

    /**
     * Shows the view used for the URL-link case, without model data.
     *
     * @return the view name {@code el/linkOutput}
     */
    @RequestMapping(value = "5", method = RequestMethod.GET)
    public String urlLinkString() {
        return "el/linkOutput";
    }

    /**
     * Shows the view used for the URL-encoded-link case, without model data.
     *
     * @return the view name {@code el/linkUOutput}
     */
    @RequestMapping(value = "5_4", method = RequestMethod.GET)
    public String urlEncodeLinkString() {
        return "el/linkUOutput";
    }

    /**
     * Passes the submitted {@code outputData} parameter to the URL-link view.
     *
     * @param outputData raw request parameter, stored without validation or encoding
     * @param model model that receives the {@code outputData} attribute
     * @return the view name {@code el/linkOutput}
     */
    @RequestMapping(value = "output_05", method = RequestMethod.POST)
    public String urlLink_InputData(
            @RequestParam("outputData") String outputData, Model model) {
        return forwardOutputData(outputData, model, "el/linkOutput");
    }

    /**
     * Passes a caller-supplied URL path and query parameter to the
     * URL-encoded-link view.
     *
     * <p>The mapping declares no {@code method}, so it is not limited to one
     * HTTP method. Both values are stored as received; nothing here checks the
     * scheme or target of {@code URLPath}.
     *
     * @param URLPath request value stored under the {@code URLPath} attribute
     * @param outputQueryParam request value stored under the {@code outputQueryParam} attribute
     * @param model model that receives both attributes
     * @return the view name {@code el/linkUOutput}
     */
    @RequestMapping(value = "output_05_04")
    public String urlULink_InputDatas(String URLPath, String outputQueryParam,
            Model model) {
        model.addAttribute("URLPath", URLPath);
        model.addAttribute("outputQueryParam", outputQueryParam);
        return "el/linkUOutput";
    }

    /**
     * Publishes two fixed, insertion-ordered maps for the map-query view.
     *
     * @param model model that receives {@code outputData} and {@code noAndDoubleOutput}
     * @return the view name {@code el/mapQueryOutput}
     */
    @RequestMapping(value = "6_1-2", method = RequestMethod.GET)
    public String queryString(Model model) {
        DateTime fixedDate = new DateTime(2013, 10, 1, 0, 0, 0);

        // Entry order is kept as written: LinkedHashMap iterates in insertion order.
        Map<String, Object> basicEntries = new LinkedHashMap<String, Object>();
        basicEntries.put("Date", fixedDate.toDate());
        basicEntries.put("String", "Spring");
        basicEntries.put("int", 100);
        model.addAttribute("outputData", basicEntries);

        // The first key starts with '&', a character with special meaning in a query string.
        Map<String, Object> specialEntries = new LinkedHashMap<String, Object>();
        specialEntries.put("&String", "framework");
        specialEntries.put("Long", 100L);
        specialEntries.put("boolean", true);
        specialEntries.put("DateTime", fixedDate);
        model.addAttribute("noAndDoubleOutput", specialEntries);

        return "el/mapQueryOutput";
    }

    /**
     * Shows the bean-query view; nothing is added to the model here.
     *
     * @param model unused by this handler
     * @return the view name {@code el/beanQueryOutput}
     */
    @RequestMapping(value = "6_3-", method = RequestMethod.GET)
    public String beanQueryString(Model model) {
        return "el/beanQueryOutput";
    }

    /**
     * Publishes a page of dummy customers for the bean-query view.
     *
     * <p>The bound {@code criteria} is not read in this method; the page always
     * holds ten identical entries and reports a total of 100 elements.
     *
     * @param criteria search form bound from the request (not used for filtering here)
     * @param pageable paging request, resolved with {@code @PageableDefault}
     * @param model model that receives the {@code page} attribute
     * @return the view name {@code el/beanQueryOutput}
     */
    @RequestMapping(value = "search", method = RequestMethod.GET)
    public String search(CustomerSearchCriteria criteria,
            @PageableDefault Pageable pageable, Model model) {
        // Dummy data only: ten placeholder rows.
        List<String> dummyCustomers = new ArrayList<String>();
        for (int count = 0; count < 10; count++) {
            dummyCustomers.add("Customer");
        }
        Page<String> customerPage =
                new PageImpl<String>(dummyCustomers, pageable, 100);
        model.addAttribute("page", customerPage);
        return "el/beanQueryOutput";
    }

    /**
     * Publishes a one-element list under {@code outputData}.
     *
     * @param model model that receives the {@code outputData} attribute
     * @return the view name {@code el/noSupportQueryOutput}
     */
    @RequestMapping(value = "6_7", method = RequestMethod.GET)
    public String returnQuerySupportObject(Model model) {
        List<String> messages = new ArrayList<String>();
        messages.add("Output Message!!");
        model.addAttribute("outputData", messages);
        return "el/noSupportQueryOutput";
    }

    /**
     * Publishes a fixed test string that contains script tags and single quotes.
     *
     * <p>NOTE(review): presumably the view uses it to check escaping inside a
     * script block; confirm against {@code el/javascriptOutput}.
     *
     * @param model model that receives the {@code xssAttack} attribute
     * @return the view name {@code el/javascriptOutput}
     */
    @RequestMapping(value = "7_1", method = RequestMethod.GET)
    public String javascriptXSSMeasures_07_01(Model model) {
        return publishTestString(model,
                "</script><script>alert('XSS Attack');</script>",
                "el/javascriptOutput");
    }

    /**
     * Publishes a fixed test string that contains script tags and double quotes.
     *
     * @param model model that receives the {@code xssAttack} attribute
     * @return the view name {@code el/javascriptOutput}
     */
    @RequestMapping(value = "7_2", method = RequestMethod.GET)
    public String javascriptXSSMeasures_07_02(Model model) {
        return publishTestString(model,
                "</script><script>alert(\"XSS Attack\");</script>",
                "el/javascriptOutput");
    }

    /**
     * Publishes a plain string with no markup or quotes under {@code xssAttack}.
     *
     * @param model model that receives the {@code xssAttack} attribute
     * @return the view name {@code el/javascriptOutput}
     */
    @RequestMapping(value = "7_3", method = RequestMethod.GET)
    public String javascriptXSSMeasures_07_03(Model model) {
        return publishTestString(model, "Spring Framework",
                "el/javascriptOutput");
    }

    /**
     * Publishes a fixed test string that closes a single-quoted argument and
     * appends a call.
     *
     * <p>NOTE(review): presumably the view uses it to check escaping inside an
     * event-handler attribute; confirm against {@code el/eventHandlerOutput}.
     *
     * @param model model that receives the {@code xssAttack} attribute
     * @return the view name {@code el/eventHandlerOutput}
     */
    @RequestMapping(value = "8_1", method = RequestMethod.GET)
    public String eventHandlerXSSMeasures_08_01(Model model) {
        return publishTestString(model, "');alert('XSS Attack');// . )",
                "el/eventHandlerOutput");
    }

    /**
     * Publishes the same kind of test string as case 8_1, with double quotes
     * inside the appended call.
     *
     * @param model model that receives the {@code xssAttack} attribute
     * @return the view name {@code el/eventHandlerOutput}
     */
    @RequestMapping(value = "8_2", method = RequestMethod.GET)
    public String eventHandlerXSSMeasures_08_02(Model model) {
        return publishTestString(model, "');alert(\"XSS Attack\");// . )",
                "el/eventHandlerOutput");
    }

    /**
     * Publishes a plain string with no markup or quotes under {@code xssAttack}.
     *
     * @param model model that receives the {@code xssAttack} attribute
     * @return the view name {@code el/eventHandlerOutput}
     */
    @RequestMapping(value = "8_3", method = RequestMethod.GET)
    public String eventHandlerXSSMeasures_08_03(Model model) {
        return publishTestString(model, "Spring Framework",
                "el/eventHandlerOutput");
    }

    /**
     * Stores a request value under {@code outputData} exactly as received and
     * hands back the view name. No encoding is applied at this point.
     */
    private String forwardOutputData(String outputData, Model model,
            String viewName) {
        model.addAttribute("outputData", outputData);
        return viewName;
    }

    /** Stores a fixed test string under {@code xssAttack} and hands back the view name. */
    private String publishTestString(Model model, String testString,
            String viewName) {
        model.addAttribute("xssAttack", testString);
        return viewName;
    }
}