Optionally HTML encode variables in post content #187

 * Also adding a .gitattributes to force line endings

Author: tomasbjerre

.gitattributes

@@ -0,0 +1,3 @@
+* text
+
+*.png binary

CHANGELOG.md

@@ -3,10 +3,27 @@
 Changelog of Pull Request Notifier for Bitbucket.
 
 ## Unreleased
+### GitHub [#187](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/issues/187) Support HTML escaping in variable expansion?
+  Optionally HTML encode variables in post content 
+
+ * Also adding a .gitattributes to force line endings
+  
+  [6c5ea57e189e213](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/6c5ea57e189e213) Tomas Bjerre *2017-01-28 13:24:47*
+
+### No issue
+  Use table instead of list for variable documentation
+  
+  [bfea25b36db3cb2](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/bfea25b36db3cb2) Joshua Shearer *2017-01-26 04:05:48*
+
+  Fix misspelling
+  
+  [532d0203e03a92b](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/532d0203e03a92b) Joshua Shearer *2017-01-26 03:46:41*
+
+## 2.48
 ### GitHub [#179](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/issues/179) Add PULL_REQUEST_REVIEWERS_NEEDS_WORK_COUNT
   NEEDS_WORK and UNAPPROVED variables
 
-  [7337969c089b16f](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/7337969c089b16f) Tomas Bjerre *2017-01-13 08:20:58*
+  [85558ecd08f2321](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/85558ecd08f2321) Tomas Bjerre *2017-01-13 08:33:22*
 
 ## 2.47
 ### GitHub [#178](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/issues/178) Forms with checkboxes that have a default value of false do not work
@@ -1036,8 +1053,8 @@ Also:
 
   Compatibility with JDK 1.7
 
-If you ever consider backward compatibility to be relevant.
-
+If you ever consider backward compatibility to be relevant.
+
 java.util.Base64 is available since 1.8 and javax.xml.bind.DatatypeConverter since 1.6.
 
   [36f99c11d31c763](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/36f99c11d31c763) Raimana *2015-04-01 09:24:20*

README.md

@@ -294,7 +294,7 @@ If things don't work as you expect, perhaps you should file an issue. But first,
    `curl -u admin:admin 'http://localhost:7990/bitbucket/rest/prnfb-admin/1.0/settings/notifications' -H 'Accept: application/json, text/javascript, */*; q=0.01'`.
 
    `curl -u admin:admin 'http://localhost:7990/bitbucket/rest/prnfb-admin/1.0/settings/buttons' -H 'Accept: application/json, text/javascript, */*; q=0.01'`.
- * If the system you are trying to notify does not seem to get notified you may check that the triggered URL looks as expected. You can do that by setting up a webserver, let the plugin invoke that with same parameters and then look at its log files to se the requested URL. Or notify *http://cogi.bjurr.se/?${...}* and I can check my logs and tell you what the URL looks like.
+ * If the system you are trying to notify does not seem to get notified you may check that the triggered URL looks as expected. You can do that by invoking https://requestb.in/ and inspect its results.
 
 ## Developer instructions
 There are some scripts to help working with the plugin.

src/main/java/se/bjurr/prnfb/listener/PrnfbPullRequestEventListener.java

@@ -220,11 +220,12 @@ public NotificationResponse notify(
 
     Optional<String> postContent = absent();
     if (notification.getPostContent().isPresent()) {
+      ENCODE_FOR encodePostContentFor = notification.getPostContentEncoding();
       postContent =
           of(
               renderer.render(
                   notification.getPostContent().get(),
-                  ENCODE_FOR.NONE,
+                  encodePostContentFor,
                   clientKeyStore,
                   shouldAcceptAnyCertificate));
     }

src/main/java/se/bjurr/prnfb/presentation/dto/NotificationDTO.java

@@ -9,6 +9,7 @@
 import javax.xml.bind.annotation.XmlRootElement;
 
 import se.bjurr.prnfb.http.UrlInvoker.HTTP_METHOD;
+import se.bjurr.prnfb.service.PrnfbRenderer.ENCODE_FOR;
 import se.bjurr.prnfb.settings.TRIGGER_IF_MERGE;
 
 @XmlRootElement
@@ -35,6 +36,11 @@ public class NotificationDTO implements Comparable<NotificationDTO> {
   private String url;
   private String user;
   private UUID uuid;
+  private ENCODE_FOR postContentEncoding;
+
+  public void setPostContentEncoding(ENCODE_FOR postContentEncoding) {
+    this.postContentEncoding = postContentEncoding;
+  }
 
   @Override
   public int compareTo(NotificationDTO o) {
@@ -283,32 +289,31 @@ public UUID getUuid() {
   public int hashCode() {
     final int prime = 31;
     int result = 1;
-    result = prime * result + ((this.filterRegexp == null) ? 0 : this.filterRegexp.hashCode());
-    result = prime * result + ((this.filterString == null) ? 0 : this.filterString.hashCode());
-    result = prime * result + ((this.headers == null) ? 0 : this.headers.hashCode());
-    result = prime * result + ((this.injectionUrl == null) ? 0 : this.injectionUrl.hashCode());
+    result = prime * result + (this.filterRegexp == null ? 0 : this.filterRegexp.hashCode());
+    result = prime * result + (this.filterString == null ? 0 : this.filterString.hashCode());
+    result = prime * result + (this.headers == null ? 0 : this.headers.hashCode());
+    result = prime * result + (this.injectionUrl == null ? 0 : this.injectionUrl.hashCode());
     result =
-        prime * result
-            + ((this.injectionUrlRegexp == null) ? 0 : this.injectionUrlRegexp.hashCode());
-    result = prime * result + ((this.method == null) ? 0 : this.method.hashCode());
-    result = prime * result + ((this.name == null) ? 0 : this.name.hashCode());
-    result = prime * result + ((this.password == null) ? 0 : this.password.hashCode());
-    result = prime * result + ((this.postContent == null) ? 0 : this.postContent.hashCode());
-    result = prime * result + ((this.projectKey == null) ? 0 : this.projectKey.hashCode());
-    result = prime * result + ((this.proxyPassword == null) ? 0 : this.proxyPassword.hashCode());
-    result = prime * result + ((this.proxyPort == null) ? 0 : this.proxyPort.hashCode());
-    result = prime * result + ((this.proxyServer == null) ? 0 : this.proxyServer.hashCode());
-    result = prime * result + ((this.proxyUser == null) ? 0 : this.proxyUser.hashCode());
-    result = prime * result + ((this.repositorySlug == null) ? 0 : this.repositorySlug.hashCode());
+        prime * result + (this.injectionUrlRegexp == null ? 0 : this.injectionUrlRegexp.hashCode());
+    result = prime * result + (this.method == null ? 0 : this.method.hashCode());
+    result = prime * result + (this.name == null ? 0 : this.name.hashCode());
+    result = prime * result + (this.password == null ? 0 : this.password.hashCode());
+    result = prime * result + (this.postContent == null ? 0 : this.postContent.hashCode());
+    result = prime * result + (this.projectKey == null ? 0 : this.projectKey.hashCode());
+    result = prime * result + (this.proxyPassword == null ? 0 : this.proxyPassword.hashCode());
+    result = prime * result + (this.proxyPort == null ? 0 : this.proxyPort.hashCode());
+    result = prime * result + (this.proxyServer == null ? 0 : this.proxyServer.hashCode());
+    result = prime * result + (this.proxyUser == null ? 0 : this.proxyUser.hashCode());
+    result = prime * result + (this.repositorySlug == null ? 0 : this.repositorySlug.hashCode());
     result =
-        prime * result + ((this.triggerIfCanMerge == null) ? 0 : this.triggerIfCanMerge.hashCode());
+        prime * result + (this.triggerIfCanMerge == null ? 0 : this.triggerIfCanMerge.hashCode());
     result =
         prime * result
-            + ((this.triggerIgnoreStateList == null) ? 0 : this.triggerIgnoreStateList.hashCode());
-    result = prime * result + ((this.triggers == null) ? 0 : this.triggers.hashCode());
-    result = prime * result + ((this.url == null) ? 0 : this.url.hashCode());
-    result = prime * result + ((this.user == null) ? 0 : this.user.hashCode());
-    result = prime * result + ((this.uuid == null) ? 0 : this.uuid.hashCode());
+            + (this.triggerIgnoreStateList == null ? 0 : this.triggerIgnoreStateList.hashCode());
+    result = prime * result + (this.triggers == null ? 0 : this.triggers.hashCode());
+    result = prime * result + (this.url == null ? 0 : this.url.hashCode());
+    result = prime * result + (this.user == null ? 0 : this.user.hashCode());
+    result = prime * result + (this.uuid == null ? 0 : this.uuid.hashCode());
     return result;
   }
 
@@ -395,4 +400,8 @@ public void setUser(String user) {
   public void setUuid(UUID uuid) {
     this.uuid = uuid;
   }
+
+  public ENCODE_FOR getPostContentEncoding() {
+    return postContentEncoding;
+  }
 }

src/main/java/se/bjurr/prnfb/service/PrnfbRenderer.java

@@ -5,12 +5,14 @@
 import static com.google.common.base.Throwables.propagate;
 import static java.net.URLEncoder.encode;
 import static org.slf4j.LoggerFactory.getLogger;
+import static se.bjurr.prnfb.service.PrnfbRenderer.ENCODE_FOR.HTML;
 import static se.bjurr.prnfb.service.PrnfbRenderer.ENCODE_FOR.URL;
 import static se.bjurr.prnfb.service.PrnfbVariable.EVERYTHING_URL;
 
 import java.io.UnsupportedEncodingException;
 import java.util.Map;
 
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.slf4j.Logger;
 
 import com.atlassian.bitbucket.pull.PullRequest;
@@ -28,7 +30,8 @@
 public class PrnfbRenderer {
   public enum ENCODE_FOR {
     NONE,
-    URL
+    URL,
+    HTML
   }
 
   private static final Logger LOG = getLogger(PrnfbRenderer.class);
@@ -82,6 +85,8 @@ String getRenderedStringResolved(
       } catch (UnsupportedEncodingException e) {
         propagate(e);
       }
+    } else if (encodeFor == HTML) {
+      replaceWith = StringEscapeUtils.escapeHtml4(resolved);
     } else {
       replaceWith = resolved;
     }