From a8c03a3be37e9ab7eb24dbbe8498261f145876d4 Mon Sep 17 00:00:00 2001
From: Alex Ebadirad
Date: Mon, 4 Jun 2012 13:51:15 -0700
Subject: [PATCH] Using apache commons lang to escape html/xml from reports.
---
 Report/src/org/sleuthkit/autopsy/report/ReportHTML.java | 4 ++--
 Report/src/org/sleuthkit/autopsy/report/ReportXLS.java | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportHTML.java b/Report/src/org/sleuthkit/autopsy/report/ReportHTML.java
index ccedf37a80..f88af81995 100644
--- a/Report/src/org/sleuthkit/autopsy/report/ReportHTML.java
+++ b/Report/src/org/sleuthkit/autopsy/report/ReportHTML.java
@@ -34,7 +34,7 @@ import java.util.Map.Entry;
 import java.util.TreeMap;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.ingest.IngestManager;
 import org.sleuthkit.datamodel.*;
@@ -292,7 +292,7 @@ public class ReportHTML implements ReportModule {
 value = "";
 }
 value = ReportUtils.insertPeriodically(value, "
", 30);
- attributes.put(type, StringUtils.replaceEach(value, new String[]{"&", "\"", "<", ">"}, new String[]{"&", """, "<", ">"}));
+ attributes.put(type, StringEscapeUtils.escapeHtml(value));
 }
diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportXLS.java b/Report/src/org/sleuthkit/autopsy/report/ReportXLS.java
index 53d0bf670d..bc5b754f91 100644
--- a/Report/src/org/sleuthkit/autopsy/report/ReportXLS.java
+++ b/Report/src/org/sleuthkit/autopsy/report/ReportXLS.java
@@ -33,6 +33,7 @@ import java.util.Map.Entry;
 import java.util.TreeMap;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.poi.ss.usermodel.*;
 import org.apache.poi.xssf.usermodel.XSSFWorkbook;
 import org.sleuthkit.autopsy.casemodule.Case;
@@ -303,7 +304,7 @@ public class ReportXLS implements ReportModule {
 value = tempatt.getValueString();
 }
- attributes.put(type, value);
+ attributes.put(type, StringEscapeUtils.escapeXml(value));
 cc++;
 }