From 2fadc3ca1e2398e23d092de38b01f809678aed88 Mon Sep 17 00:00:00 2001 From: Viktor Dahl Date: Tue, 11 Apr 2023 15:54:34 +0200 Subject: [PATCH 1/2] Don't downcast to GSON classes in HtmlRendererProvider Downcasting data to LinkedTreeMap means that a CDARichHyperLink constructed in any other way than parsing with GSON will just silently render as null. Fix by just downcasting to Map (which is all we need anyway). --- .../rich/html/HtmlRendererProvider.java | 6 +++--- html/src/test/java/LinksTest.java | 20 +++++++++++++++++++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/html/src/main/java/com/contentful/rich/html/HtmlRendererProvider.java b/html/src/main/java/com/contentful/rich/html/HtmlRendererProvider.java index 423690f..3edac13 100644 --- a/html/src/main/java/com/contentful/rich/html/HtmlRendererProvider.java +++ b/html/src/main/java/com/contentful/rich/html/HtmlRendererProvider.java @@ -22,9 +22,9 @@ import com.contentful.rich.html.renderer.TagRenderer; import com.contentful.rich.html.renderer.TagWithArgumentsRenderer; import com.contentful.rich.html.renderer.TextRenderer; -import com.google.gson.internal.LinkedTreeMap; import javax.annotation.Nonnull; +import java.util.Map; import static com.contentful.rich.html.renderer.TagWithArgumentsRenderer.mapifyArguments; 
@@ -61,11 +61,11 @@ void provide(@Nonnull Processor processor) { (node) -> mapifyArguments("href", (String) ((CDARichHyperLink) node).getData())) ); processor.addRenderer( - (context, node) -> node instanceof CDARichHyperLink && ((CDARichHyperLink) node).getData() instanceof LinkedTreeMap, + (context, node) -> node instanceof CDARichHyperLink && ((CDARichHyperLink) node).getData() instanceof Map, new TagWithArgumentsRenderer( processor, "a", - (node) -> mapifyArguments("href", (String) ((LinkedTreeMap) ((CDARichHyperLink) node).getData()).get("uri"))) + (node) -> mapifyArguments("href", (String) ((Map) ((CDARichHyperLink) node).getData()).get("uri"))) ); processor.addRenderer( (context, node) -> node instanceof CDARichQuote, diff --git a/html/src/test/java/LinksTest.java b/html/src/test/java/LinksTest.java index 7c0f19e..6398cda 100644 --- a/html/src/test/java/LinksTest.java +++ b/html/src/test/java/LinksTest.java @@ -6,6 +6,8 @@ import org.junit.Test; import java.util.ArrayList; +import java.util.HashMap; +import java.util.Map; import static com.google.common.truth.Truth.assertThat; @@ -28,6 +30,24 @@ public void renderLinkTest() { "\n"); } + @Test + public void renderLinkWithUriTest() { + final HtmlProcessor processor = new HtmlProcessor(); + final HtmlContext context = new HtmlContext(); + + final Map linkProps = new HashMap<>(); + linkProps.put("uri", "https://contentful.com"); + final CDARichHyperLink link = new CDARichHyperLink(linkProps); + link.getContent().add(new CDARichText("Some link text
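Review bot: The `(String)` cast on `.get("uri")` in the widened `instanceof Map` renderer is unchecked. Now that any `Map` is accepted rather than only GSON's parsed output, a missing key passes null to `mapifyArguments` and a non-String value throws `ClassCastException` at render time. Consider extending the predicate with `&& ((Map) ((CDARichHyperLink) node).getData()).get("uri") instanceof String`, or deciding explicitly what to emit when the uri is absent or malformed. The value also ends up in an `href` attribute, and whether `mapifyArguments` or `TagWithArgumentsRenderer` escapes it or restricts URI schemes is not visible in this hunk, so that is worth confirming with a test next to `renderLinkWithUriTest`. `provide` starts and ends outside the hunk.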
", new ArrayList<>())); + + final String result = processor.process(context, link); + + assertThat(result).isEqualTo("" + + "\n" + + " Some link text<br/>\n" + + "\n"); + } + @Test public void createUnsanitzedStrings() { final HtmlProcessor processor = new HtmlProcessor(); From 9b0c8a41ea8a4c3e8c4357d9c8a6808fd49ea9c5 Mon Sep 17 00:00:00 2001 From: Viktor Dahl Date: Tue, 11 Apr 2023 16:10:25 +0200 Subject: [PATCH 2/2] Update dependencies in html commons-text:1.9 is affected by CVE-2022-42889. From what I can see the usage in html is not affected, but we might as well upgrade. core and android already depended on junit:4.13.2, so upgrading in html just brings it in line with the other modules. --- html/build.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html/build.gradle b/html/build.gradle index 9fde73b..f67106a 100644 --- a/html/build.gradle +++ b/html/build.gradle @@ -38,9 +38,9 @@ dependencies { api (project(":core")) api "com.contentful.java:java-sdk:${project.contentful_version}" implementation 'com.google.code.findbugs:jsr305:3.0.2' - implementation 'org.apache.commons:commons-text:1.9' + implementation 'org.apache.commons:commons-text:1.10.0' testImplementation 'com.google.truth:truth:0.42' - testImplementation 'junit:junit:4.13.1' + testImplementation 'junit:junit:4.13.2' } java { sourceCompatibility = JavaVersion.VERSION_1_8