From a0c4e5186e62fd3474ba4e7873b5dd6d331417d2 Mon Sep 17 00:00:00 2001
From: Timothy Potter
Date: Mon, 6 Apr 2015 16:49:47 +0000
Subject: [PATCH] SOLR-7346: Stored XSS in Admin UI Schema-Browser page and Analysis page

git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1671580 13f79535-47bb-0310-9956-ffa450edef68
---
 solr/CHANGES.txt | 2 ++
 solr/webapp/web/js/scripts/analysis.js | 4 ++--
 solr/webapp/web/js/scripts/schema-browser.js | 6 +++---
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index e26f76b5da2..9365a3562fb 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -503,6 +503,8 @@ Other Changes
 * SOLR-7290: Rename catchall _text field in data_driven_schema_configs to _text_ (Steve Rowe)
+* SOLR-7346: Stored XSS in Admin UI Schema-Browser page and Analysis page (Mei Wang via Timothy Potter)
+
 ================== 5.0.0 ==================
 Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.
diff --git a/solr/webapp/web/js/scripts/analysis.js b/solr/webapp/web/js/scripts/analysis.js
index cc2409cba18..5fcadaf0f1a 100644
--- a/solr/webapp/web/js/scripts/analysis.js
+++ b/solr/webapp/web/js/scripts/analysis.js
@@ -80,7 +80,7 @@ sammy.get
 {
 fields.push
 (
- ''
+ ''
 );
 }
 if( 0 !== fields.length )
@@ -95,7 +95,7 @@ sammy.get
 {
 types.push
 (
- ''
+ ''
 );
 }
 if( 0 !== types.length )
diff --git a/solr/webapp/web/js/scripts/schema-browser.js b/solr/webapp/web/js/scripts/schema-browser.js
index ab7fdbbb9e8..29898ab018d 100644
--- a/solr/webapp/web/js/scripts/schema-browser.js
+++ b/solr/webapp/web/js/scripts/schema-browser.js
@@ -596,7 +596,7 @@ sammy.bind
 {
 fields.push
 (
- ''
+ ''
 );
 }
 if( 0 !== fields.length )
@@ -612,7 +612,7 @@ sammy.bind
 {
 dynamic_fields.push
 (
- ''
+ ''
 );
 }
 if( 0 !== dynamic_fields.length )
@@ -628,7 +628,7 @@ sammy.bind
 {
 types.push
 (
- ''
+ ''
 );
 }
 if( 0 !== types.length )
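Review bot: Escaping is applied separately at each of five `push` sites (`fields.push` and `types.push` in analysis.js; `fields.push`, `dynamic_fields.push` and `types.push` in schema-browser.js), so any further list built the same way stays unescaped unless its author remembers the step. The pushed string literals render empty in this view, so the encoding itself cannot be checked here; if they interpolate a schema-derived name into both an attribute value and element text, the encoder must handle quotes as well as `<`, `>` and `&`. A single shared helper that creates the element through the DOM, along the lines of `opt.value = value; opt.textContent = label;`, would make encoding the default instead of a per-site obligation. The enclosing `sammy.get` and `sammy.bind` handlers start and end outside these hunks, and the diffstat lists no test that feeds a name containing markup through either page.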