diff --git a/VERSION.txt b/VERSION.txt
index c585a5931a6..5d5e64205c8 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -8,6 +8,7 @@ jetty-7.0.0.M4-SNAPSHOT
 + JETTY-1049 Improved transparent proxy usability
 + JETTY-1054 Avoid double deploys
 + JETTY-1055 Cookie quoting
+ + JETTY-1057 Error page stack trace XSS
 jetty-7.0.0.M3 20 June 2009
 + fixed race with expired async listeners
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ErrorHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ErrorHandler.java
index 31d4f6272ee..83bf4a41d67 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ErrorHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ErrorHandler.java
@@ -75,12 +75,6 @@ public class ErrorHandler extends AbstractHandler
 {
 if (message == null)
 message=HttpStatus.getCode(code).getMessage();
- else
- {
- message= StringUtil.replace(message, "&", "&");
- message= StringUtil.replace(message, "<", "<");
- message= StringUtil.replace(message, ">", ">");
- }
 writer.write("\n\n");
 writeErrorPageHead(request,writer,code,message);
@@ -98,7 +92,7 @@ public class ErrorHandler extends AbstractHandler
 writer.write(Integer.toString(code));
 writer.write(' ');
 if (message!=null)
- writer.write(message);
+ writer.write(deScript(message));
 writer.write("\n");
 }
@@ -107,12 +101,6 @@ public class ErrorHandler extends AbstractHandler
 throws IOException
 {
 String uri= request.getRequestURI();
- if (uri!=null)
- {
- uri= StringUtil.replace(uri, "&", "&");
- uri= StringUtil.replace(uri, "<", "<");
- uri= StringUtil.replace(uri, ">", ">");
- }
 writeErrorPageMessage(request,writer,code,message,uri);
 if (showStacks)
@@ -131,7 +119,7 @@ public class ErrorHandler extends AbstractHandler
 writer.write("\n
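Review bot: Removing the `&`/`<`/`>` replacement on `uri` in writeErrorPageBody (the -107 hunk) is not compensated anywhere: writeErrorPageMessage still emits the value with the unchanged `writer.write(uri);` in the -131 hunk, so the request URI now reaches the error page unescaped while `message` and the stack trace were moved to `deScript`. `request.getRequestURI()` is client-supplied and, depending on how strictly the request line is validated upstream, can carry raw `&`, `<` or `>`, which makes this a regression rather than a neutral refactor. That write should become `writer.write(deScript(uri));` so writeErrorPageMessage escapes every value it puts into the page itself, consistent with the other call sites changed here; subclasses overriding writeErrorPageBody and passing the URI through would otherwise also lose the escaping that used to happen before the call. writeErrorPageBody continues outside the hunk.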

Problem accessing "); writer.write(uri); writer.write(". Reason:\n

    ");
-        writer.write(message);
+        writer.write(deScript(message));
         writer.write("

");
 }
@@ -147,7 +135,7 @@ public class ErrorHandler extends AbstractHandler
 PrintWriter pw = new PrintWriter(sw);
 th.printStackTrace(pw);
 pw.flush();
- writer.write(sw.getBuffer().toString());
+ writer.write(deScript(sw.getBuffer().toString()));
 writer.write("\n");
 th =th.getCause();
@@ -173,4 +161,14 @@ public class ErrorHandler extends AbstractHandler
 _showStacks = showStacks;
 }
+ /* ------------------------------------------------------------ */
+ protected String deScript(String string)
+ {
+ if (string==null)
+ return null;
+ string=StringUtil.replace(string, "&", "&");
+ string=StringUtil.replace(string, "<", "<");
+ string=StringUtil.replace(string, ">", ">");
+ return string;
+ }
 }
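Review bot: `deScript` in the -173 hunk has no Javadoc, and since it is `protected` and now the single escaping point for the error page its contract should be stated for subclasses: only `&`, `<` and `>` are replaced, which covers the element text written in the other hunks (message, URI, stack trace) but not attribute values, where `"` would also have to be handled. Suggested header: `/** Escapes {@code &}, {@code <} and {@code >} so that {@code string} can be written as HTML element text; quotes are left as is, so the result is not safe inside attribute values. Returns {@code null} for a {@code null} input. */`. The ordering is also load-bearing and deserves an inline comment above the first replace, `// '&' must be replaced first so the entities emitted below are not re-escaped`. A single `StringBuilder` pass would avoid three intermediate strings per error page, but for this size the three `StringUtil.replace` calls are acceptable.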