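package de.intevation.flys.client.server;

import de.intevation.flys.client.client.GreetingService;
import de.intevation.flys.client.shared.FieldVerifier;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;

/**
 * The server side implementation of the RPC service.
 *
 * <p>The greeting it returns is built as HTML ({@code <br>} separators), so
 * every client-controlled value that is embedded in it is escaped first.</p>
 */
@SuppressWarnings("serial")
public class GreetingServiceImpl extends RemoteServiceServlet implements
        GreetingService {

    /**
     * Greets the caller with information about the server and the caller's
     * browser.
     *
     * @param input the name supplied by the client; must satisfy
     *              {@link FieldVerifier#isValidName(String)}
     * @return an HTML fragment containing the escaped name, the servlet
     *         container's server info and the escaped {@code User-Agent}
     *         header of the current request
     * @throws IllegalArgumentException if {@code input} is not a valid name
     */
    @Override
    public String greetServer(String input) throws IllegalArgumentException {
        // Reject bad names before touching request state; the message is
        // propagated to the client as-is.
        if (!FieldVerifier.isValidName(input)) {
            throw new IllegalArgumentException(
                "Name must be at least 4 characters long");
        }

        String serverInfo = getServletContext().getServerInfo();
        // Request headers are attacker-controlled and may be absent (null).
        String userAgent = getThreadLocalRequest().getHeader("User-Agent");

        // Both client-supplied values end up inside HTML on the client side;
        // escape them so they are rendered as text, not interpreted as markup.
        // A missing User-Agent stays null and is rendered as the text "null".
        String safeInput = escapeHtml(input);
        String safeUserAgent = escapeHtml(userAgent);

        return "Hello, " + safeInput + "!<br><br>I am running " + serverInfo
            + ".<br><br>It looks like you are using:<br>" + safeUserAgent;
    }

    /**
     * Escape a string so it can be embedded safely in HTML, either as element
     * text or inside a quoted attribute value.
     *
     * <p>Replaces {@code &}, {@code <}, {@code >}, {@code "} and {@code '}
     * with their HTML entity equivalents. The replacement is done in a single
     * pass over the characters, so an ampersand produced by one replacement is
     * never re-escaped by a later one.</p>
     *
     * @param html the untrusted string to escape, may be {@code null}
     * @return the escaped string, or {@code null} if {@code html} was
     *         {@code null}
     */
    private String escapeHtml(String html) {
        if (html == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(html.length() + 16);
        for (int i = 0; i < html.length(); i++) {
            char c = html.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}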