Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixed XSS issue in demo CometDump servlet 

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@949 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Greg Wilkins 2009-09-24 03:53:33 +00:00
parent 69159ea484
commit c961b097db
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
VERSION.txt
View File

@ -7,6 +7,7 @@ jetty-7.0.1-SNAPSHOT
+ 289027 deobfuscate HttpClient SSL passwords
+ 289959 Improved ContextDeployer configuration
+ JETTY-1114 unsynchronised WebAppClassloader.getResource(String)
+ Fixed XSS issue in CookieDump demo servlet.
jetty-7.0.0
+ 289958 StatisticsServlet incorrectly adds StatisticsHandler

13
test-jetty-webapp/src/main/java/com/acme/CookieDump.java
View File

@ -85,7 +85,7 @@ public class CookieDump extends HttpServlet
for (int i=0;cookies!=null && i<cookies.length;i++)
{
out.println("<b>"+cookies[i].getName()+"</b>="+cookies[i].getValue()+"<br/>");
out.println("<b>"+deScript(cookies[i].getName())+"</b>="+deScript(cookies[i].getValue())+"<br/>");
}
out.println("<form action=\""+response.encodeURL(getURI(request))+"\" method=\"post\">");
@ -110,5 +110,16 @@ public class CookieDump extends HttpServlet
uri=request.getRequestURI();
return uri;
}
/* ------------------------------------------------------------ */
protected String deScript(String string)
{
if (string==null)
return null;
string=string.replace("&", "&amp;");
string=string.replace( "<", "&lt;");
string=string.replace( ">", "&gt;");
return string;
}
}