From 0150aeaf61eab7376cedac3c74b70d2e60f7d332 Mon Sep 17 00:00:00 2001
From: Mike Klaas
Date: Fri, 20 Jun 2008 02:20:39 +0000
Subject: [PATCH] fix XSS vulnerability in analysis page

git-svn-id: https://svn.apache.org/repos/asf/lucene/solr/trunk@669766 13f79535-47bb-0310-9956-ffa450edef68
---
 src/webapp/web/admin/analysis.jsp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/webapp/web/admin/analysis.jsp b/src/webapp/web/admin/analysis.jsp
index fe6d3f4e719..56272a7fd16 100644
--- a/src/webapp/web/admin/analysis.jsp
+++ b/src/webapp/web/admin/analysis.jsp
@@ -122,12 +122,16 @@
 try {
 field = schema.getField(name);
 } catch (Exception e) {
- out.println("Unknown Field: " + name + "");
+ out.print("Unknown Field: ");
+ XML.escapeCharData(name, out);
+ out.println("");
 }
 } else {
 FieldType t = schema.getFieldTypes().get(name);
 if (null == t) {
- out.println("Unknown Field Type: " + name + "");
+ out.print("Unknown Field Type: ");
+ XML.escapeCharData(name, out);
+ out.println("");
 } else {
 field = new SchemaField("fakefieldoftype:"+name, t);
 }
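Review bot: `XML.escapeCharData(name, out)` encodes for element content only, and this hunk applies it to just the two "Unknown Field" / "Unknown Field Type" messages, so every other place the page writes `name` (or any other request parameter) still needs its own check. The scriptlet starts and ends outside the hunk, so I can't see those other sinks; if one of them writes the value into an HTML attribute, such as a form input's value, the call there should be `XML.escapeAttributeValue(name, out);` rather than `escapeCharData`. The print/escape/println triple now appears twice, and a small page-local helper that takes the label and the untrusted value would make it harder for a later message to slip back to `"..." + name`. A one-line comment above the first occurrence, e.g. `// name comes from the request; never concatenate it into markup`, would record why the output is split this way.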