added NoXss validation

2025-08-12 18:30:42 +03:00 · 2025-08-12 18:30:42 +03:00 · 599ccdc43c
commit 599ccdc43c
parent 8e400fa2b4
4 changed files with 8 additions and 0 deletions
--- a/common/data/src/main/java/org/thingsboard/server/common/data/mobile/bundle/MobileAppBundle.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/mobile/bundle/MobileAppBundle.java
@ -30,6 +30,7 @@ import org.thingsboard.server.common.data.id.MobileAppId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.mobile.layout.MobileLayoutConfig;
 import org.thingsboard.server.common.data.validation.Length;
+import org.thingsboard.server.common.data.validation.NoXss;

@EqualsAndHashCode(callSuper = true)
@Data
@ -40,9 +41,11 @@ public class MobileAppBundle extends BaseData<MobileAppBundleId> implements HasT
    private TenantId tenantId;
    @Schema(description = "Application bundle title. Cannot be empty", requiredMode = Schema.RequiredMode.REQUIRED)
    @NotBlank
+    @NoXss
    @Length(fieldName = "title")
    private String title;
    @Schema(description = "Application bundle description.")
+    @NoXss
    @Length(fieldName = "description")
    private String description;
    @Schema(description = "Android application id")
--- a/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRule.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRule.java
@ -62,6 +62,7 @@ public class NotificationRule extends BaseData<NotificationRuleId> implements Ha
    @Valid
    private NotificationRuleRecipientsConfig recipientsConfig;

+    @Valid
    private NotificationRuleConfig additionalConfig;

    private NotificationRuleId externalId;
--- a/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRuleConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRuleConfig.java
@ -16,12 +16,14 @@
 package org.thingsboard.server.common.data.notification.rule;

 import lombok.Data;
+import org.thingsboard.server.common.data.validation.NoXss;

 import java.io.Serializable;

@Data
 public class NotificationRuleConfig implements Serializable {

+    @NoXss
    private String description;

 }
--- a/common/data/src/main/java/org/thingsboard/server/common/data/notification/template/DeliveryMethodNotificationTemplate.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/notification/template/DeliveryMethodNotificationTemplate.java
@ -24,6 +24,7 @@ import jakarta.validation.constraints.NotEmpty;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 import org.thingsboard.server.common.data.notification.NotificationDeliveryMethod;
+import org.thingsboard.server.common.data.validation.NoXss;

 import java.util.List;

@ -43,6 +44,7 @@ public abstract class DeliveryMethodNotificationTemplate {

    private boolean enabled;
    @NotEmpty
+    @NoXss
    protected String body;

    public DeliveryMethodNotificationTemplate(DeliveryMethodNotificationTemplate other) {