AMQ-7231 - Fix XSS in WebConsole

activemq-web-console/src/main/webapp/browse.jsp

@@ -50,7 +50,7 @@
 <td><a href="<c:url value="message.jsp">
                  <c:param name="id" value="${row.JMSMessageID}" />
                  <c:param name="JMSDestination" value="${requestContext.queueBrowser.JMSDestination}"/></c:url>"
-    title="${row.properties}">${row.JMSMessageID}</a></td>
+    title="<c:out value="${row.properties}"/>">${row.JMSMessageID}</a></td>
 <td><c:out value="${row.JMSCorrelationID}"/></td>
 <td><jms:persistent message="${row}"/></td>
 <td><c:out value="${row.JMSPriority}"/></td>

activemq-web-console/src/main/webapp/js/common.js

@@ -106,16 +106,3 @@ function getEventTarget(e) {
 	return targ;
 }
 
-function confirmAction(id, url) {
-	//TODO i18n messages
-	var select = document.getElementById(id);
-	var selectedIndex = select.selectedIndex; 
-	if (select.selectedIndex == 0) {
-		alert("Please select a value");
-		return;
-	}
-	var value = select.options[selectedIndex].value;
-	url = url.replace(/%target%/gi, value);
-	if (confirm("Are you sure?"))
-	  location.href=url;
-}

activemq-web-console/src/main/webapp/message.jsp

@@ -151,7 +151,7 @@ No message could be found for ID <c:out value="${requestContext.messageQuery.id}
                        </tr>
                     </c:if>
                     <tr class="odd">
-                    <td><a href="<c:out value="javascript:confirmAction('queue', 'copyMessage.action?destination=%target%&JMSDestination=${requestContext.messageQuery.JMSDestination}&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}"/>')">Copy</a></td>
+                    <td><a href="<c:out value="javascript:confirmAction('queue', 'copyMessage"/>')">Copy</a></td>
                         <td rowspan="2">
                             <select id="queue">
                                 <option value=""> -- Please select --</option>
@@ -165,7 +165,7 @@ No message could be found for ID <c:out value="${requestContext.messageQuery.id}
 
                     </tr>
                     <tr class="odd">
-                        <td><a href="<c:out value="javascript:confirmAction('queue', 'moveMessage.action?destination=%target%&JMSDestination=${requestContext.messageQuery.JMSDestination}&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}"/>')"
+                        <td><a href="<c:out value="javascript:confirmAction('queue', 'moveMessage"/>')"
                             >Move</a></td>
                     </tr>
                 </tbody>
@@ -225,6 +225,22 @@ function selectOptionByText (selElem, selText) {
     }
 }
 
+function confirmAction(id, action) {
+	//TODO i18n messages
+	var select = document.getElementById(id);
+	var selectedIndex = select.selectedIndex; 
+	if (select.selectedIndex == 0) {
+		alert("Please select a value");
+		return;
+	}
+	var value = select.options[selectedIndex].value;
+	var url = action + ".action?destination=" + value;
+	url += "&JMSDestination=${requestContext.messageQuery.JMSDestination}";
+	url += "&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}";
+	if (confirm("Are you sure?"))
+	  location.href=url;
+}
+
 window.onload=function() {
 	sortSelect( document.getElementById('queue') );
 	selectOptionByText( document.getElementById('queue'), "-- Please select --" );