23688905990

Committed 28 Mar 2026 04:02PM UTC coverage: 16.298% (+0.02%) from 16.274%

Build # 23688905990

Build Type

push

github

Committed by

tkuhn

Commit Message

feat: support <pre> in HTML sanitization and improve _multi_val handling

- Add <pre> to allowed HTML sanitizer elements and looksLikeHtml pattern
- Unify _multi_val to always split on newlines, checking each part
  individually for IRI vs literal (replaces looksLikeSpaceSeparatedIris)
- Add HTML sanitization support in QueryResultList _multi_val path
- Remove top/bottom margins on <pre> elements

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Run Details

756 of 5699 branches covered (13.27%)

Branch coverage included in aggregate %.

1902 of 10610 relevant lines covered (17.93%)

2.46 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

src/main/java/com/knowledgepixels/nanodash/component/QueryResultList.java

package com.knowledgepixels.nanodash.component;

import com.knowledgepixels.nanodash.*;
import com.knowledgepixels.nanodash.domain.MaintainedResource;
import com.knowledgepixels.nanodash.page.NanodashPage;
import com.knowledgepixels.nanodash.page.PublishPage;
import com.knowledgepixels.nanodash.repository.MaintainedResourceRepository;
import com.knowledgepixels.nanodash.template.Template;
import org.apache.wicket.Component;
import org.apache.wicket.ajax.markup.html.navigation.paging.AjaxPagingNavigator;
import org.apache.wicket.extensions.markup.html.repeater.data.table.NavigatorLabel;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.link.AbstractLink;
import org.apache.wicket.markup.html.link.BookmarkablePageLink;
import org.apache.wicket.markup.repeater.Item;
import org.apache.wicket.markup.repeater.RepeatingView;
import org.apache.wicket.markup.repeater.data.DataView;
import org.apache.wicket.model.Model;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.eclipse.rdf4j.model.IRI;
import org.nanopub.extra.services.ApiResponse;
import org.nanopub.extra.services.ApiResponseEntry;
import org.nanopub.extra.services.QueryRef;

import java.util.ArrayList;
import java.util.List;

/**
 * Component for displaying query results in a list format.
 */
public class QueryResultList extends QueryResult {

    private static final String SEPARATOR = " · ";

    /**
     * Constructor for QueryResultList.
     *
     * @param markupId    the markup ID
     * @param queryRef    the query reference
     * @param response    the API response
     * @param viewDisplay the view display
     */
    QueryResultList(String markupId, QueryRef queryRef, ApiResponse response, ViewDisplay viewDisplay) {
        super(markupId, queryRef, response, viewDisplay);

        String label = grlcQuery.getLabel();
        if (viewDisplay.getTitle() != null) {
            label = viewDisplay.getTitle();
        }
        add(new Label("label", label));
        setOutputMarkupId(true);
        populateComponent();
    }

    @Override
    protected void populateComponent() {
        QueryResultDataProvider dataProvider = new QueryResultDataProvider(response.getData());
        DataView<ApiResponseEntry> dataView = new DataView<>("items", dataProvider) {

            @Override
            protected void populateItem(Item<ApiResponseEntry> item) {
                ApiResponseEntry entry = item.getModelObject();
                RepeatingView listItem = new RepeatingView("listItem");

                List<Component> components = new ArrayList<>();
                for (String key : response.getHeader()) {
                    if (key.endsWith("_label") || key.endsWith("_label_multi")) {
                        continue;
                    }
                    String entryValue = entry.get(key);
                    if (entryValue != null && !entryValue.isBlank()) {
                        if (key.endsWith("_multi_iri")) {
                            String[] uris = entryValue.split(" ");
                            String labelKey = key.substring(0, key.length() - "_multi_iri".length()) + "_label_multi";
                            String labelValue = entry.get(labelKey);
                            String[] labels = labelValue != null ? labelValue.split("\n", -1) : null;
                            List<Component> links = new ArrayList<>();
                            for (int i = 0; i < uris.length; i++) {
                                String label = (labels != null && i < labels.length) ? Utils.unescapeMultiValue(labels[i]) : null;
                                links.add(new NanodashLink("component", uris[i], null, null, label, contextId));
                            }
                            components.add(new ComponentSequence("component", ", ", links));
                        } else if (key.endsWith("_multi_val")) {
                            String labelKey = key.substring(0, key.length() - "_multi_val".length()) + "_label_multi";
                            String labelValue = entry.get(labelKey);
                            String[] parts = entryValue.split("\n", -1);
                            String[] labels = labelValue != null ? labelValue.split("\n", -1) : null;
                            List<Component> multiComponents = new ArrayList<>();
                            for (int i = 0; i < parts.length; i++) {
                                String part = parts[i];
                                String label = (labels != null && i < labels.length) ? Utils.unescapeMultiValue(labels[i]) : null;
                                if (part.matches("https?://.+")) {
                                    multiComponents.add(new NanodashLink("component", part, null, null, label, contextId));
                                } else {
                                    String display = label != null ? label : Utils.unescapeMultiValue(part);
                                    boolean isHtml = Utils.looksLikeHtml(display);
                                    if (isHtml) {
                                        display = Utils.sanitizeHtml(display);
                                    }
                                    multiComponents.add(new Label("component", display).setEscapeModelStrings(!isHtml));
                                }
                            }
                            components.add(new ComponentSequence("component", ", ", multiComponents));
                        } else if (key.endsWith("_multi")) {
                            String[] parts = entryValue.split("\n", -1);
                            String labelKey = key.substring(0, key.length() - "_multi".length()) + "_label_multi";
                            String labelValue = entry.get(labelKey);
                            String[] labels = labelValue != null ? labelValue.split("\n", -1) : null;
                            List<Component> multiComponents = new ArrayList<>();
                            for (int i = 0; i < parts.length; i++) {
                                String display;
                                if (labels != null && i < labels.length) {
                                    display = Utils.unescapeMultiValue(labels[i]);
                                } else {
                                    display = Utils.unescapeMultiValue(parts[i]);
                                }
                                multiComponents.add(new Label("component", display));
                            }
                            components.add(new ComponentSequence("component", ", ", multiComponents));
                        } else if (entryValue.matches("https?://.+")) {
                            String entryLabel = entry.get(key + "_label");
                            components.add(new NanodashLink("component", entryValue, null, null, entryLabel, contextId));
                        } else {
                            if (Utils.looksLikeHtml(entryValue)) {
                                entryValue = Utils.sanitizeHtml(entryValue);
                            }
                            components.add(new Label("component", entryValue).setEscapeModelStrings(false));
                        }
                    }
                }
                View view = viewDisplay.getView();
                if (view != null && !view.getViewEntryActionList().isEmpty()) {
                    List<AbstractLink> links = new ArrayList<>();
                    for (IRI actionIri : view.getViewEntryActionList()) {
                        // TODO Copied code and adjusted from QueryResultTableBuilder:
                        Template t = view.getTemplateForAction(actionIri);
                        if (t == null) continue;
                        String targetField = view.getTemplateTargetFieldForAction(actionIri);
                        if (targetField == null) targetField = "resource";
                        String labelForAction = view.getLabelForAction(actionIri);
                        if (labelForAction == null) labelForAction = "action...";
                        if (!labelForAction.endsWith("...")) labelForAction += "...";
                        PageParameters params = new PageParameters().set("template", t.getId())
                                .set("param_" + targetField, contextId)
                                .set("context", contextId)
                                .set("template-version", "latest");
                        String partField = view.getTemplatePartFieldForAction(actionIri);
                        if (partField != null) {
                            // TODO Find a better way to pass the MaintainedResource object to this method:
                            MaintainedResource r = MaintainedResourceRepository.get().findById(contextId);
                            if (r != null && r.getNamespace() != null) {
                                params.set("param_" + partField, r.getNamespace() + "<SET-SUFFIX>");
                            }
                        }
                        String queryMapping = view.getTemplateQueryMapping(actionIri);
                        if (queryMapping != null && queryMapping.contains(":")) {
                            // This part is different from the code in QueryResultTableBuilder:
                            String queryParam = queryMapping.split(":")[0];
                            String templateParam = queryMapping.split(":")[1];
                            params.set("param_" + templateParam, entry.get(queryParam));
                        }
                        params.set("refresh-upon-publish", queryRef.getAsUrlString());
                        AbstractLink button = new BookmarkablePageLink<NanodashPage>("button", PublishPage.class, params);
                        button.setBody(Model.of(labelForAction));
                        links.add(button);
                    }
                    components.add(new ButtonList("component", resourceWithProfile, links, null, null));
                }
                ComponentSequence componentSequence = new ComponentSequence(listItem.newChildId(), SEPARATOR, components);
                listItem.add(componentSequence);
                item.add(listItem);
            }
        };
        dataView.setItemsPerPage(10);
        dataView.setOutputMarkupId(true);

        WebMarkupContainer navigation = new WebMarkupContainer("navigation");
        navigation.add(new NavigatorLabel("navigatorLabel", dataView));
        AjaxPagingNavigator pagingNavigator = new AjaxPagingNavigator("navigator", dataView);
        navigation.setVisible(dataView.getPageCount() > 1);
        navigation.add(pagingNavigator);

        add(navigation);
        add(dataView);
    }

}

1	package com.knowledgepixels.nanodash.component;
2
3	import com.knowledgepixels.nanodash.*;
4	import com.knowledgepixels.nanodash.domain.MaintainedResource;
5	import com.knowledgepixels.nanodash.page.NanodashPage;
6	import com.knowledgepixels.nanodash.page.PublishPage;
7	import com.knowledgepixels.nanodash.repository.MaintainedResourceRepository;
8	import com.knowledgepixels.nanodash.template.Template;
9	import org.apache.wicket.Component;
10	import org.apache.wicket.ajax.markup.html.navigation.paging.AjaxPagingNavigator;
11	import org.apache.wicket.extensions.markup.html.repeater.data.table.NavigatorLabel;
12	import org.apache.wicket.markup.html.WebMarkupContainer;
13	import org.apache.wicket.markup.html.basic.Label;
14	import org.apache.wicket.markup.html.link.AbstractLink;
15	import org.apache.wicket.markup.html.link.BookmarkablePageLink;
16	import org.apache.wicket.markup.repeater.Item;
17	import org.apache.wicket.markup.repeater.RepeatingView;
18	import org.apache.wicket.markup.repeater.data.DataView;
19	import org.apache.wicket.model.Model;
20	import org.apache.wicket.request.mapper.parameter.PageParameters;
21	import org.eclipse.rdf4j.model.IRI;
22	import org.nanopub.extra.services.ApiResponse;
23	import org.nanopub.extra.services.ApiResponseEntry;
24	import org.nanopub.extra.services.QueryRef;
25
26	import java.util.ArrayList;
27	import java.util.List;
28
29	/**
30	* Component for displaying query results in a list format.
31	*/
32	public class QueryResultList extends QueryResult {
33
34	private static final String SEPARATOR = " · ";
35
36	/**
37	* Constructor for QueryResultList.
38	*
39	* @param markupId the markup ID
40	* @param queryRef the query reference
41	* @param response the API response
42	* @param viewDisplay the view display
43	*/
44	QueryResultList(String markupId, QueryRef queryRef, ApiResponse response, ViewDisplay viewDisplay) {
45	super(markupId, queryRef, response, viewDisplay);	×
46
47	String label = grlcQuery.getLabel();	×
48	if (viewDisplay.getTitle() != null) {	×
49	label = viewDisplay.getTitle();	×
50	}
51	add(new Label("label", label));	×
52	setOutputMarkupId(true);	×
53	populateComponent();	×
54	}	×
55
56	@Override
57	protected void populateComponent() {
58	QueryResultDataProvider dataProvider = new QueryResultDataProvider(response.getData());	×
59	DataView<ApiResponseEntry> dataView = new DataView<>("items", dataProvider) {	×
60
61	@Override
62	protected void populateItem(Item<ApiResponseEntry> item) {
63	ApiResponseEntry entry = item.getModelObject();	×
64	RepeatingView listItem = new RepeatingView("listItem");	×
65
66	List<Component> components = new ArrayList<>();	×
67	for (String key : response.getHeader()) {	×
68	if (key.endsWith("_label") \|\| key.endsWith("_label_multi")) {	×
69	continue;	×
70	}
71	String entryValue = entry.get(key);	×
72	if (entryValue != null && !entryValue.isBlank()) {	×
73	if (key.endsWith("_multi_iri")) {	×
74	String[] uris = entryValue.split(" ");	×
75	String labelKey = key.substring(0, key.length() - "_multi_iri".length()) + "_label_multi";	×
76	String labelValue = entry.get(labelKey);	×
77	String[] labels = labelValue != null ? labelValue.split("\n", -1) : null;	×
78	List<Component> links = new ArrayList<>();	×
79	for (int i = 0; i < uris.length; i++) {	×
80	String label = (labels != null && i < labels.length) ? Utils.unescapeMultiValue(labels[i]) : null;	×
81	links.add(new NanodashLink("component", uris[i], null, null, label, contextId));	×
82	}
83	components.add(new ComponentSequence("component", ", ", links));	×
84	} else if (key.endsWith("_multi_val")) {	×
85	String labelKey = key.substring(0, key.length() - "_multi_val".length()) + "_label_multi";	×
86	String labelValue = entry.get(labelKey);	×
87	String[] parts = entryValue.split("\n", -1);	×
88	String[] labels = labelValue != null ? labelValue.split("\n", -1) : null;	×
89	List<Component> multiComponents = new ArrayList<>();	×
90	for (int i = 0; i < parts.length; i++) {	×
91	String part = parts[i];	×
92	String label = (labels != null && i < labels.length) ? Utils.unescapeMultiValue(labels[i]) : null;	×
93	if (part.matches("https?://.+")) {	×
94	multiComponents.add(new NanodashLink("component", part, null, null, label, contextId));	×
95	} else {
96	String display = label != null ? label : Utils.unescapeMultiValue(part);	×
97	boolean isHtml = Utils.looksLikeHtml(display);	×
98	if (isHtml) {	×
99	display = Utils.sanitizeHtml(display);	×
100	}
101	multiComponents.add(new Label("component", display).setEscapeModelStrings(!isHtml));	×
102	}
103	}
104	components.add(new ComponentSequence("component", ", ", multiComponents));	×
105	} else if (key.endsWith("_multi")) {	×
106	String[] parts = entryValue.split("\n", -1);	×
107	String labelKey = key.substring(0, key.length() - "_multi".length()) + "_label_multi";	×
108	String labelValue = entry.get(labelKey);	×
109	String[] labels = labelValue != null ? labelValue.split("\n", -1) : null;	×
110	List<Component> multiComponents = new ArrayList<>();	×
111	for (int i = 0; i < parts.length; i++) {	×
112	String display;
113	if (labels != null && i < labels.length) {	×
114	display = Utils.unescapeMultiValue(labels[i]);	×
115	} else {
116	display = Utils.unescapeMultiValue(parts[i]);	×
117	}
118	multiComponents.add(new Label("component", display));	×
119	}
120	components.add(new ComponentSequence("component", ", ", multiComponents));	×
121	} else if (entryValue.matches("https?://.+")) {	×
122	String entryLabel = entry.get(key + "_label");	×
123	components.add(new NanodashLink("component", entryValue, null, null, entryLabel, contextId));	×
124	} else {	×
125	if (Utils.looksLikeHtml(entryValue)) {	×
126	entryValue = Utils.sanitizeHtml(entryValue);	×
127	}
128	components.add(new Label("component", entryValue).setEscapeModelStrings(false));	×
129	}
130	}
131	}
132	View view = viewDisplay.getView();	×
133	if (view != null && !view.getViewEntryActionList().isEmpty()) {	×
134	List<AbstractLink> links = new ArrayList<>();	×
135	for (IRI actionIri : view.getViewEntryActionList()) {	×
136	// TODO Copied code and adjusted from QueryResultTableBuilder:
137	Template t = view.getTemplateForAction(actionIri);	×
138	if (t == null) continue;	×
139	String targetField = view.getTemplateTargetFieldForAction(actionIri);	×
140	if (targetField == null) targetField = "resource";	×
141	String labelForAction = view.getLabelForAction(actionIri);	×
142	if (labelForAction == null) labelForAction = "action...";	×
143	if (!labelForAction.endsWith("...")) labelForAction += "...";	×
144	PageParameters params = new PageParameters().set("template", t.getId())	×
145	.set("param_" + targetField, contextId)	×
146	.set("context", contextId)	×
147	.set("template-version", "latest");	×
148	String partField = view.getTemplatePartFieldForAction(actionIri);	×
149	if (partField != null) {	×
150	// TODO Find a better way to pass the MaintainedResource object to this method:
151	MaintainedResource r = MaintainedResourceRepository.get().findById(contextId);	×
152	if (r != null && r.getNamespace() != null) {	×
153	params.set("param_" + partField, r.getNamespace() + "<SET-SUFFIX>");	×
154	}
155	}
156	String queryMapping = view.getTemplateQueryMapping(actionIri);	×
157	if (queryMapping != null && queryMapping.contains(":")) {	×
158	// This part is different from the code in QueryResultTableBuilder:
159	String queryParam = queryMapping.split(":")[0];	×
160	String templateParam = queryMapping.split(":")[1];	×
161	params.set("param_" + templateParam, entry.get(queryParam));	×
162	}
163	params.set("refresh-upon-publish", queryRef.getAsUrlString());	×
164	AbstractLink button = new BookmarkablePageLink<NanodashPage>("button", PublishPage.class, params);	×
165	button.setBody(Model.of(labelForAction));	×
166	links.add(button);	×
167	}	×
168	components.add(new ButtonList("component", resourceWithProfile, links, null, null));	×
169	}
170	ComponentSequence componentSequence = new ComponentSequence(listItem.newChildId(), SEPARATOR, components);	×
171	listItem.add(componentSequence);	×
172	item.add(listItem);	×
173	}	×
174	};
175	dataView.setItemsPerPage(10);	×
176	dataView.setOutputMarkupId(true);	×
177
178	WebMarkupContainer navigation = new WebMarkupContainer("navigation");	×
179	navigation.add(new NavigatorLabel("navigatorLabel", dataView));	×
180	AjaxPagingNavigator pagingNavigator = new AjaxPagingNavigator("navigator", dataView);	×
181	navigation.setVisible(dataView.getPageCount() > 1);	×
182	navigation.add(pagingNavigator);	×
183
184	add(navigation);	×
185	add(dataView);	×
186	}	×
187
188	}

knowledgepixels / nanodash / 23688905990

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous