From 51eb87a84be88d28383ea48f6e341ffe1203c5ba Mon Sep 17 00:00:00 2001
From: Bosanac Dejan
Date: Thu, 18 Oct 2012 10:57:52 +0000
Subject: [PATCH] https://issues.apache.org/jira/browse/AMQ-4115 - xss in web demos

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1399577 13f79535-47bb-0310-9956-ffa450edef68
---
 activemq-web-demo/src/main/webapp/websocket/chat.js | 4 ++--
 .../org/apache/activemq/web/PortfolioPublishServlet.java | 7 ++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/activemq-web-demo/src/main/webapp/websocket/chat.js b/activemq-web-demo/src/main/webapp/websocket/chat.js
index fe08d1bb06..e89bf098df 100644
--- a/activemq-web-demo/src/main/webapp/websocket/chat.js
+++ b/activemq-web-demo/src/main/webapp/websocket/chat.js
@@ -29,7 +29,7 @@ $(document).ready(function(){
 // this allows to display debug logs directly on the web page
 client.debug = function(str) {
- $("#debug").append(str + "\n");
+ $("#debug").append(document.createTextNode(str + "\n"));
 };
 // the client is notified when it is connected to the server.
 var onconnect = function(frame) {
@@ -39,7 +39,7 @@ $(document).ready(function(){
 $('#send_form_input').removeAttr('disabled');
 client.subscribe(destination, function(message) {
- $("#messages").append("

" + message.body + "

\n"); + $("#messages").append(document.createTextNode("

" + message.body + "

\n")); }); }; client.connect(login, passcode, onconnect);
diff --git a/activemq-web/src/main/java/org/apache/activemq/web/PortfolioPublishServlet.java b/activemq-web/src/main/java/org/apache/activemq/web/PortfolioPublishServlet.java
index 046ea0dff8..351ff91d9b 100644
--- a/activemq-web/src/main/java/org/apache/activemq/web/PortfolioPublishServlet.java
+++ b/activemq-web/src/main/java/org/apache/activemq/web/PortfolioPublishServlet.java
@@ -70,7 +70,8 @@ public class PortfolioPublishServlet extends MessageServletSupport {
 }
 out.print(refreshRate);
 out.println("'/>");
- out.println("Published " + count + " of " + total + " price messages. Refresh = " + refreshRate + "s");
+ out.println("Published " + escape(Integer.toString(count)) + " of " + escape(Integer.toString(total)) +
+ " price messages. Refresh = " + escape(refreshRate) + "s");
 out.println("");
 } catch (JMSException e) {
@@ -129,4 +130,8 @@ public class PortfolioPublishServlet extends MessageServletSupport {
 }
 return 1;
 }
+
+ protected String escape(String text) throws IOException {
+ return java.net.URLEncoder.encode(text, "UTF-8");
+ }
 }
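Review bot: The new `$("#messages").append(document.createTextNode(...))` line hands the whole concatenated string to `createTextNode`, including the markup that wraps `" + message.body + "` (that wrapper text is lost in this rendering of the hunk, but the quotes around the body show it was there), so the wrapper is now displayed as literal text instead of being parsed as an element. Creating the element and setting its text content separately keeps the page structure while still treating the body as data, for example `$("<p/>").text(message.body).appendTo("#messages");` with whatever element the original wrapper used in place of `p`. The `onconnect` function this callback lives in begins in the previous hunk.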
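Review bot: `refreshRate` is still written unescaped into the attribute value by the context lines `out.print(refreshRate);` / `out.println("'/>");` directly above the changed line, while the new line treats the very same value as untrusted by routing it through `escape()`. Its origin is outside the hunk, but since it is a String that the commit considers worth escaping, a `'` in it would close the quoted attribute, so the attribute write needs the same treatment: `out.print(escape(refreshRate));`. Wrapping `Integer.toString(count)` and `Integer.toString(total)` in `escape()` is harmless but unnecessary, as an int cannot carry markup. The enclosing method starts and ends outside this hunk.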
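Review bot: The added `escape()` delegates to `java.net.URLEncoder`, which performs URL form encoding rather than HTML escaping: it does neutralise `<`, `>`, `&` and quotes, but it also rewrites spaces as `+` and most punctuation as `%xx` sequences, so the values the page shows come out garbled rather than escaped. For text written into an HTML body the right primitive is an entity escaper that rewrites `&`, `<`, `>`, `"` and `'`, which needs neither a charset name nor a checked exception; the `throws IOException` clause is kept below only so existing callers and overriders compile unchanged.
```java
    protected String escape(String text) throws IOException {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
```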