Improve validation of xml mindmaps during save.

wise-webapp/src/main/java/com/wisemapping/model/Mindmap.java

@@ -19,6 +19,7 @@
 package com.wisemapping.model;
 
 import com.wisemapping.exceptions.AccessDeniedSecurityException;
+import com.wisemapping.exceptions.InvalidMindmapException;
 import com.wisemapping.exceptions.WiseMappingException;
 import com.wisemapping.util.ZipUtils;
 import org.apache.commons.lang.StringEscapeUtils;
@@ -94,7 +95,9 @@ public class Mindmap implements Serializable {
         }
     }
 
-    public void setXmlStr(@NotNull String xml) {
+    public void setXmlStr(@NotNull String xml) throws InvalidMindmapException {
+        // Is a valid mindmap ... ?
+        MindmapUtils.verifyMindmap(xml);
         this.setUnzipXml(xml.getBytes(StandardCharsets.UTF_8));
     }
 

wise-webapp/src/main/java/com/wisemapping/model/MindmapUtils.java

@@ -0,0 +1,27 @@
+package com.wisemapping.model;
+
+
+import com.wisemapping.exceptions.InvalidMindmapException;
+import org.jetbrains.annotations.Nullable;
+
+abstract public class MindmapUtils {
+
+    private static final int MAX_SUPPORTED_NODES = 500;
+
+    public static void verifyMindmap(@Nullable String xmlDoc) throws InvalidMindmapException {
+        if (xmlDoc == null || xmlDoc.trim().isEmpty()) {
+            // Perform basic structure validation. Must have a map node and
+            throw InvalidMindmapException.emptyMindmap();
+        }
+
+        // Perform basic structure validation without parsing the XML.
+        if (!xmlDoc.trim().endsWith("</map>") || !xmlDoc.trim().startsWith("<map")) {
+            throw InvalidMindmapException.invalidFormat(xmlDoc);
+        }
+
+        // Validate that the number of nodes is not bigger 500 nodes.
+        if (xmlDoc.split("<topic").length > MAX_SUPPORTED_NODES) {
+            throw InvalidMindmapException.tooBigMindnap();
+        }
+    }
+}