fix XSS vulnerability in analysis page

git-svn-id: https://svn.apache.org/repos/asf/lucene/solr/trunk@669766 13f79535-47bb-0310-9956-ffa450edef68
2008-06-20 02:20:39 +00:00 · 2008-06-20 02:20:39 +00:00 · 0150aeaf61
parent 319fd2b028
commit 0150aeaf61
1 changed files with 6 additions and 2 deletions
--- a/src/webapp/web/admin/analysis.jsp
+++ b/src/webapp/web/admin/analysis.jsp
@ -122,12 +122,16 @@
      try {
        field = schema.getField(name);
      } catch (Exception e) {
-        out.println("<strong>Unknown Field: " + name + "</strong>");
+        out.print("<strong>Unknown Field: ");
+        XML.escapeCharData(name, out);
+        out.println("</strong>");
      }
    } else {
       FieldType t = schema.getFieldTypes().get(name);
       if (null == t) {
-         out.println("<strong>Unknown Field Type: " + name + "</strong>");
+        out.print("<strong>Unknown Field Type: ");
+        XML.escapeCharData(name, out);
+        out.println("</strong>");
       } else {
         field = new SchemaField("fakefieldoftype:"+name, t);
       }