From 1e76c21f108675a8ffc4a7ec9d63767361b2af85 Mon Sep 17 00:00:00 2001
From: srosse <stephane.rosse@frentix.com>
Date: Mon, 17 Jun 2019 12:50:52 +0200
Subject: [PATCH] OO-3609, OO-4069: add br to the policy

---
 .../org/olat/core/logging/OLATRuntimeException.java | 13 +++++++------
 .../olat/core/util/filter/impl/OpenOLATPolicy.java  |  4 +++-
 .../core/util/filter/impl/XSSFilterParamTest.java   |  1 +
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/olat/core/logging/OLATRuntimeException.java b/src/main/java/org/olat/core/logging/OLATRuntimeException.java
index 895edfc14a3..9fe1a3bf6a2 100644
--- a/src/main/java/org/olat/core/logging/OLATRuntimeException.java
+++ b/src/main/java/org/olat/core/logging/OLATRuntimeException.java
@@ -97,18 +97,19 @@ public class OLATRuntimeException extends RuntimeException {
 	 * @return HTML fragment.
 	 */
 	public static String throwableToHtml(Throwable th) {
-		StringBuilder sb = new StringBuilder("<br>");
+		StringBuilder sb = new StringBuilder(10000);
+		sb.append("<br>");
 		if (th == null) {
 			sb.append("n/a");
 		}
 		else {	
-			sb.append("Throwable: "+th.getClass().getName()+"<br /><br />");
+			sb.append("Throwable: ").append(th.getClass().getName()).append("<br><br>");
 			toHtml(sb, th);
 			// 1st cause:
 			Throwable ca = th.getCause();
 			int i=1;
 			while (ca != null) {
-				sb.append("<hr /><br />"+i+". cause:<br /><br />");
+				sb.append("<hr /><br>").append(i).append(". cause:<br><br>");
 				toHtml(sb,ca);
 				i++;
 				ca = ca.getCause();	
@@ -119,14 +120,14 @@ public class OLATRuntimeException extends RuntimeException {
 
 	private static void toHtml(StringBuilder sb, Throwable th) {
 		if (th instanceof OLATRuntimeException) {
-			sb.append("logmsg:").append(((OLATRuntimeException)th).getLogMsg()).append("<br />");
+			sb.append("logmsg:").append(((OLATRuntimeException)th).getLogMsg()).append("<br>");
 		}
-		sb.append("message:" + th.getMessage() + "," +th.getClass().getName() + "<br /><br />");
+		sb.append("message:" + th.getMessage() + "," +th.getClass().getName() + "<br><br>");
 		StackTraceElement[] ste = th.getStackTrace();	
 		int nr = ste.length < 10? ste.length: 10;	
 		for (int i = 0; i < nr; i++) {
 			StackTraceElement st = ste[i];
-			sb.append("at "+ st.toString() + "<br />");
+			sb.append("at ").append(st.toString()).append("<br>");
 		}
 	}
 
diff --git a/src/main/java/org/olat/core/util/filter/impl/OpenOLATPolicy.java b/src/main/java/org/olat/core/util/filter/impl/OpenOLATPolicy.java
index 4a12bd7087f..4586307ab7a 100644
--- a/src/main/java/org/olat/core/util/filter/impl/OpenOLATPolicy.java
+++ b/src/main/java/org/olat/core/util/filter/impl/OpenOLATPolicy.java
@@ -239,10 +239,12 @@ public class OpenOLATPolicy {
 		
 		.allowElements("dd","tbody","dl","caption","hr","div","dt","ul","init","blockquote","pre","em","figcaption","sub",
 				"strong","img","thead","h1","h2","h3","h4","h5","h6","sup","ol","table","b","figure","strike","i","p",
-				"tfoot","td","s","th","u","li","tr","span")
+				"tfoot","td","s","th","u","li","tr", "span")
 		
 		.allowElements("hr")
 			.allowWithoutAttributes("hr")
+		.allowElements("br")
+			.allowWithoutAttributes("br")
 		.allowElements("a")
 			.allowWithoutAttributes("a")
 		.allowElements("img")
diff --git a/src/test/java/org/olat/core/util/filter/impl/XSSFilterParamTest.java b/src/test/java/org/olat/core/util/filter/impl/XSSFilterParamTest.java
index 4c50a1c5a69..258691f98a0 100644
--- a/src/test/java/org/olat/core/util/filter/impl/XSSFilterParamTest.java
+++ b/src/test/java/org/olat/core/util/filter/impl/XSSFilterParamTest.java
@@ -184,6 +184,7 @@ public class XSSFilterParamTest {
 /* 100 */	{ "<img src=\"/olat/edusharing/preview?objectUrl=ccrep://OpenOLAT/d5130470-14b4-4ad4-88b7-dfb3ebe943da&version=1.0\" data-es_identifier=\"2083dbe64f00b07232b11608ec0842fc\" data-es_objecturl=\"ccrep://OpenOLAT/d5130470-14b4-4ad4-88b7-dfb3ebe943da\" data-es_version=\"1.0\" data-es_version_current=\"1.0\" data-es_mediatype='i23' data-es_mimetype=\"image/png\" data-es_width=\"1000\" data-es_height=\"446\" data-es_first_edit=\"false\" class=\"edusharing\" alt=\"Bildschirmfoto 2018-11-07 um 16.09.49.png\" title=\"Bildschirmfoto 2018-11-07 um 16.09.49.png\" width=\"1000\" height=\"446\">",
 				"<img src=\"/olat/edusharing/preview?objectUrl&#61;ccrep://OpenOLAT/d5130470-14b4-4ad4-88b7-dfb3ebe943da&amp;version&#61;1.0\" data-es_identifier=\"2083dbe64f00b07232b11608ec0842fc\" data-es_objecturl=\"ccrep://OpenOLAT/d5130470-14b4-4ad4-88b7-dfb3ebe943da\" data-es_version=\"1.0\" data-es_version_current=\"1.0\" data-es_mediatype=\"i23\" data-es_mimetype=\"image/png\" data-es_width=\"1000\" data-es_height=\"446\" data-es_first_edit=\"false\" class=\"edusharing\" alt=\"Bildschirmfoto 2018-11-07 um 16.09.49.png\" title=\"Bildschirmfoto 2018-11-07 um 16.09.49.png\" width=\"1000\" height=\"446\" />"	
 			},
+			{ "Before<br>After<br>More", "Before<br />After<br />More" },
 			{ null, "" } // be tolerant
         });
     }
-- 
GitLab