activemq-commits mailing list archives

From hadr...@apache.org
Subject [08/20] git commit: https://issues.apache.org/jira/browse/AMQ-4471 - Fixing bug where stomp ws example allows remote JS execution.
Date Wed, 12 Mar 2014 02:21:34 GMT
https://issues.apache.org/jira/browse/AMQ-4471 - Fixing bug where stomp ws example allows remote
JS execution.


Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/8a5c0528
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/8a5c0528
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/8a5c0528

Branch: refs/heads/activemq-5.9
Commit: 8a5c0528f8bcd1abca9fbecaad6b1fd1a94d0a45
Parents: 28e6e6f
Author: Hiram Chirino <hiram@hiramchirino.com>
Authored: Wed Oct 30 13:19:26 2013 -0400
Committer: Hadrian Zbarcea <hadrian@apache.org>
Committed: Tue Mar 11 21:04:05 2014 -0400

----------------------------------------------------------------------
 assembly/src/release/examples/stomp/websocket/index.html | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq/blob/8a5c0528/assembly/src/release/examples/stomp/websocket/index.html
----------------------------------------------------------------------
diff --git a/assembly/src/release/examples/stomp/websocket/index.html b/assembly/src/release/examples/stomp/websocket/index.html
index 12b5b23..26b02df 100644
--- a/assembly/src/release/examples/stomp/websocket/index.html
+++ b/assembly/src/release/examples/stomp/websocket/index.html
@@ -101,7 +101,7 @@
 
           // this allows to display debug logs directly on the web page
           client.debug = function(str) {
-            $("#debug").append(str + "\n");
+            $("#debug").append(document.createTextNode(str + "\n"));
           };
           
           // the client is notified when it is connected to the server.
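Review bot: Nothing at the `client.debug` handler records why the string is now wrapped in `document.createTextNode`, so a later tidy-up back to `.append(str + "\n")` would silently restore HTML parsing of the debug text. jQuery's `.append()` treats a string argument as markup, and the debug string presumably carries frame content received from the broker. I would add a comment above the new line, for example `// text node on purpose: .append(string) parses HTML, and debug output can contain data from other clients`. The same comment is worth repeating at the `#messages` append in the second hunk, because this file ships as an example that people copy.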
@@ -110,7 +110,9 @@
             $('#connect').fadeOut({ duration: 'fast' });
             $('#connected').fadeIn();
             client.subscribe(destination, function(message) {
-              $("#messages").append("<p>" + message.body + "</p>\n");
+              var p = document.createElement("p");
+              p.appendChild(document.createTextNode(message.body));
+              $("#messages").append(p);
             });
           });
           return false;
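Review bot: The three added lines in the subscribe callback mix raw DOM calls into code that otherwise uses jQuery; the same safe result can be written as `$("#messages").append($("<p>").text(message.body));`, which keeps the body as text and is harder to get wrong when the example is copied. The `"\n"` that the old line emitted after each paragraph is no longer written, which looks harmless but is worth confirming if anything reads the container's text. The subscribe callback and the enclosing connect handler both begin outside this hunk, so any other places where message or header data reach the page cannot be checked from here.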

