https://issues.apache.org/jira/browse/AMQ-4115 - xss in web demos

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1399577 13f79535-47bb-0310-9956-ffa450edef68

activemq-web-demo/src/main/webapp/websocket/chat.js

@@ -29,7 +29,7 @@ $(document).ready(function(){
 
     // this allows to display debug logs directly on the web page
     client.debug = function(str) {
-      $("#debug").append(str + "\n");
+      $("#debug").append(document.createTextNode(str + "\n"));
     };
     // the client is notified when it is connected to the server.
     var onconnect = function(frame) {
@@ -39,7 +39,7 @@ $(document).ready(function(){
       $('#send_form_input').removeAttr('disabled');
 
       client.subscribe(destination, function(message) {
-        $("#messages").append("<p>" + message.body + "</p>\n");
+        $("#messages").append(document.createTextNode("<p>" + message.body + "</p>\n"));
       });
     };
     client.connect(login, passcode, onconnect);

activemq-web/src/main/java/org/apache/activemq/web/PortfolioPublishServlet.java

@@ -70,7 +70,8 @@ public class PortfolioPublishServlet extends MessageServletSupport {
                 }
                 out.print(refreshRate);
                 out.println("'/></head>");
-                out.println("<body>Published <b>" + count + "</b> of " + total + " price messages.  Refresh = " + refreshRate + "s");
+                out.println("<body>Published <b>" + escape(Integer.toString(count)) + "</b> of " + escape(Integer.toString(total))
+                        + " price messages.  Refresh = " + escape(refreshRate) + "s");
                 out.println("</body></html>");
 
             } catch (JMSException e) {
@@ -129,4 +130,8 @@ public class PortfolioPublishServlet extends MessageServletSupport {
         }
         return 1;
     }
+
+    protected String escape(String text) throws IOException {
+        return java.net.URLEncoder.encode(text, "UTF-8");
+    }
 }