Message-ID: <937725784.1207736972747.JavaMail.jira@brutus>
Date: Wed, 9 Apr 2008 03:29:32 -0700 (PDT)
From: "Rob Davies (JIRA)"
To: dev@activemq.apache.org
Subject: [jira] Resolved: (AMQ-1534) Unescaped text messages in message detail
In-Reply-To: <27578405.1199371423710.JavaMail.jira@brutus>

     [ https://issues.apache.org/activemq/browse/AMQ-1534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rob Davies resolved AMQ-1534.
-----------------------------

      Assignee: Rob Davies
    Resolution: Duplicate

duplicate of https://issues.apache.org/activemq/browse/AMQ-1013

> Unescaped text messages in message detail
> -----------------------------------------
>
>                 Key: AMQ-1534
>                 URL: https://issues.apache.org/activemq/browse/AMQ-1534
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.0.0
>         Environment: Browser
>            Reporter: Elliotte Rusty Harold
>            Assignee: Rob Davies
>            Priority: Critical
>
> The new HTTP based queue view is very useful. However it has one really annoying bug that cost me some hours of debugging. Send a TextMessage to the queue containing a typical HTML or XML document such as
>
> Then look at that message in the web browser and look at the message detail to see the text of the message. The text appears to be blank, especially if the message only contains tags and white space as was the case for me. Even if it isn't completely blank, the tags will be missing.
> The problem is that the text of the message is displayed raw and added to the HTML. This could even be a vector for XSS attacks since no escaping is performed.
> Before displaying the text it should be escaped. That is, & should be converted to &amp; and < to &lt;. That should fix the critical problems.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
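
The rendering problem described in the report, shown as an added example that is not part of the original message and is not ActiveMQ's code: a message body concatenated into HTML as-is, next to the same body escaped before output. The class name, method names and sample bodies are hypothetical and constructed for illustration; the example escapes `>` and both quote characters as well as the `&` and `<` named in the report, so the output is also safe inside quoted attributes.

```java
// Added illustration; names are hypothetical, not taken from the ActiveMQ web console.
public class MessageDetailEscaping {

    // Replace every character that is significant in HTML text or quoted attributes.
    // Working character by character means '&' in the input is never double-escaped.
    static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Behaviour described in the report: the body is added to the page unescaped,
    // so the browser parses its tags instead of displaying them.
    static String renderRaw(String body) {
        return "<pre>" + body + "</pre>";
    }

    // Corrected rendering: the body is escaped at the point of output.
    static String renderEscaped(String body) {
        return "<pre>" + escapeHtml(body) + "</pre>";
    }

    public static void main(String[] args) {
        // Constructed sample bodies: a tags-and-whitespace document, and text with an ampersand.
        String[] bodies = {
            "<order>\n  <item/>\n</order>",
            "AT&T <b>bold</b>"
        };
        for (String body : bodies) {
            System.out.println("raw:     " + renderRaw(body));
            System.out.println("escaped: " + renderEscaped(body));
        }
    }
}
```

The first sample reproduces the symptom from the report: rendered raw, a browser shows only whitespace because every tag is consumed as markup, while the escaped form displays the document text as sent.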