From 160765bdd6f5931dfe53f089c05655a59b36c404 Mon Sep 17 00:00:00 2001
From: Erik Hatcher
Date: Sat, 21 Feb 2009 10:44:13 +0000
Subject: [PATCH] SOLR-1031: Fix XSS vulnerability in schema.jsp
git-svn-id: https://svn.apache.org/repos/asf/lucene/solr/trunk@746481 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES.txt | 4 ++++
 src/webapp/web/admin/schema.jsp | 12 ++++--------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/CHANGES.txt b/CHANGES.txt
index 5005b831620..676f3317299 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -267,6 +267,10 @@ Bug Fixes
 32. SOLR-1018: Slave is unable to replicate when server acts as repeater (as both master and slave) (Akshay Ukey, Noble Paul via shalin)
+33. SOLR-1026: Add protected words support to SnowballPorterFilterFactory (ehatcher)
+
+34. SOLR-1031: Fix XSS vulnerability in schema.jsp (Paul Lovvik via ehatcher)
+
 Other Changes
 ----------------------
diff --git a/src/webapp/web/admin/schema.jsp b/src/webapp/web/admin/schema.jsp
index da2c8f74366..b1a1b6216ab 100644
--- a/src/webapp/web/admin/schema.jsp
+++ b/src/webapp/web/admin/schema.jsp
@@ -490,14 +490,10 @@ var numTerms = 0;
 $.each(topTerms, function(term, count) {
- var row = document.createElement('tr');
- var c1 = document.createElement('td');
- c1.innerHTML=term;
- var c2 = document.createElement('td');
- c2.innerHTML=count;
- row.appendChild(c1);
- row.appendChild(c2);
- tbody.appendChild(row);
+ var c1 = $('').text(term);
+ var c2 = $('').text(count);
+ var row = $('').append(c1).append(c2);
+ tbody.appendChild(row.get(0));
 numTerms++;
 });
 tbl.appendChild(tbody);
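Review bot: Nothing in the schema.jsp hunk records why the cells are now filled with `.text()` instead of `innerHTML`, so a later cleanup could put the HTML sink back without noticing; I would add a comment above `var c1`, for example `// topTerms values are data, not markup: insert with .text(), never .html()/innerHTML (SOLR-1031)`. The element-creation strings also appear empty on this page (`$('').text(term)`, `$('').append(c1)`); presumably the `<td>` and `<tr>` literals were stripped when the page was rendered, because with an empty string jQuery returns an empty set and `row.get(0)` would be `undefined` when handed to `tbody.appendChild`. The enclosing function starts and ends outside the hunk, so any other place that writes `topTerms` values into the page is not visible here and should be checked for the same `innerHTML` pattern.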