geronimo-dev mailing list archives

From Jeff Genender <jgenen...@apache.org>
Subject Re: geronimo 1.0 - CSS vulnerabilities - response from Tomcat team
Date Wed, 18 Jan 2006 16:24:07 GMT
So assuming this appears to be somewhat "examples" related, is this
truly a container problem, or just the jsp examples implementation?

Jeff

Kevan Miller wrote:
> Presumably in response to Dave's email to Tomcat, the following changes
> were made to Tomcat samples, yesterday afternoon:
> 
> From: markt@apache.org
> Subject: svn commit: r369933 - in /tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples: cal/cal2.jsp security/protected/index.jsp
> Date: January 17, 2006 4:52:05 PM EST
> To: tomcat-dev@jakarta.apache.org
> Reply-To: dev@tomcat.apache.org
> 
> Author: markt
> Date: Tue Jan 17 13:52:02 2006
> New Revision: 369933
> 
> URL: http://svn.apache.org/viewcvs?rev=369933&view=rev
> Log:
> Fix XSS issues in examples.
> 
> Modified:
>     tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp
>    
> tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp
> 
> 
> Modified:
> tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp
> URL:
> http://svn.apache.org/viewcvs/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp?rev=369933&r1=369932&r2=369933&view=diff
> 
> ==============================================================================
> 
> ---
> tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp
> (original)
> +++
> tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp
> Tue Jan 17 13:52:02 2006
> @@ -29,12 +29,12 @@
> 
>  <FONT SIZE=5> Please add the following event:
>  <BR> <h3> Date <%= table.getDate() %>
> -<BR> Time <%= time %> </h3>
> +<BR> Time <%= util.HTMLFilter.filter(time) %> </h3>
>  </FONT>
>  <FORM METHOD=POST ACTION=cal1.jsp>
>  <BR>
>  <BR> <INPUT NAME="date" TYPE=HIDDEN VALUE="current">
> -<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= time %>
> +<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%=
> util.HTMLFilter.filter(time) %>
>  <BR> <h2> Description of the event <INPUT NAME="description" TYPE=TEXT
> SIZE=20> </h2>
>  <BR> <INPUT TYPE=SUBMIT VALUE="submit">
>  </FORM>
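Review bot: the hidden-field line `<INPUT NAME="time" TYPE=HIDDEN VALUE=<%= util.HTMLFilter.filter(time) %>` still emits the attribute value unquoted, so even an HTML-escaped `time` containing a space would terminate the attribute early; quote it as `VALUE="<%= util.HTMLFilter.filter(time) %>"`. Since the same expression now sits inside an attribute, please also confirm that `util.HTMLFilter.filter` escapes the double-quote character (its source is not part of this diff). Note that `<%= table.getDate() %>` on the line above is left unfiltered, which is only safe if that value never derives from request input.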
> 
> Modified:
> tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp
> 
> URL:
> http://svn.apache.org/viewcvs/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp?rev=369933&r1=369932&r2=369933&view=diff
> 
> ==============================================================================
> 
> ---
> tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp
> (original)
> +++
> tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp
> Tue Jan 17 13:52:02 2006
> @@ -49,11 +49,13 @@
>    if (role.length() > 0) {
>      if (request.isUserInRole(role)) {
>  %>
> -      You have been granted role <b><%= role %></b><br><br>
> +      You have been granted role
> +      <b><%= util.HTMLFilter.filter(role) %></b><br><br>
>  <%
>      } else {
>  %>
> -      You have <i>not</i> been granted role <b><%= role %></b><br><br>
> +      You have <i>not</i> been granted role
> +      <b><%= util.HTMLFilter.filter(role) %></b><br><br>
>  <%
>      }
>    }
> @@ -62,7 +64,7 @@
>  To check whether your username has been granted a particular role,
>  enter it here:
>  <form method="GET" action='<%= response.encodeURL("index.jsp") %>'>
> -<input type="text" name="role" value="<%= role %>">
> +<input type="text" name="role" value="<%= util.HTMLFilter.filter(role)
> %>">
>  </form>
>  <br><br>
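Review bot: `value="<%= util.HTMLFilter.filter(role) %>"` places the escaped value inside a double-quoted attribute, so this fix depends on `util.HTMLFilter.filter` escaping `"` in addition to `<`, `>` and `&`; please confirm that, since the filter's source is not shown here. The form submits `role` via GET, so the reflected value also arrives in the query string, which is the path an attacker would use to trigger the reflection; a short comment above the form saying why the filter call is there would keep it from being dropped in a later cleanup.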
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 
> From: markt@apache.org
> Subject: svn commit: r369934 - /tomcat/container/tc5.5.x/webapps/docs/changelog.xml
> Date: January 17, 2006 4:53:04 PM EST
> To: tomcat-dev@jakarta.apache.org
> Reply-To: dev@tomcat.apache.org
> 
> Author: markt
> Date: Tue Jan 17 13:53:01 2006
> New Revision: 369934
> 
> URL: http://svn.apache.org/viewcvs?rev=369934&view=rev
> Log:
> Update changelog.
> 
> Modified:
>     tomcat/container/tc5.5.x/webapps/docs/changelog.xml
> 
> Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
> URL:
> http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=369934&r1=369933&r2=369934&view=diff
> 
> ==============================================================================
> 
> --- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
> +++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Tue Jan 17
> 13:53:01 2006
> @@ -76,6 +76,13 @@
>        </fix>
>      </changelog>
>    </subsection>
> +  <subsection name="Webapps">
> +    <changelog>
> +      <fix>
> +        Fix some XSS issues in the JSP examples. (markt)
> +      </fix>
> +    </changelog>
> +  </subsection>
>  </section>
> 
>  <section name="Tomcat 5.5.15 (yoavs)">
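Review bot: the changelog entry "Fix some XSS issues in the JSP examples" does not say which examples were touched; naming `cal/cal2.jsp` and `security/protected/index.jsp` (the files changed in r369933) would let administrators check whether a deployed examples webapp carries the fix. It would also help to note that the same change was applied to the 4.1.x branch examples in r369935.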
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 
> From: markt@apache.org
> Subject: svn commit: r369935 - in /tomcat/container/branches/tc4.1.x/webapps/examples/jsp: cal/cal2.jsp security/protected/index.jsp
> Date: January 17, 2006 4:53:53 PM EST
> To: tomcat-dev@jakarta.apache.org
> Reply-To: dev@tomcat.apache.org
> 
> Author: markt
> Date: Tue Jan 17 13:53:49 2006
> New Revision: 369935
> 
> URL: http://svn.apache.org/viewcvs?rev=369935&view=rev
> Log:
> Fix XSS issues in examples.
> 
> Modified:
>     tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp
>    
> tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp
> 
> 
> Modified:
> tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp
> URL:
> http://svn.apache.org/viewcvs/tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp?rev=369935&r1=369934&r2=369935&view=diff
> 
> ==============================================================================
> 
> --- tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp
> (original)
> +++ tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp
> Tue Jan 17 13:53:49 2006
> @@ -18,12 +18,12 @@
> 
>  <FONT SIZE=5> Please add the following event:
>  <BR> <h3> Date <%= table.getDate() %>
> -<BR> Time <%= time %> </h3>
> +<BR> Time <%= util.HTMLFilter.filter(time) %> </h3>
>  </FONT>
>  <FORM METHOD=POST ACTION=cal1.jsp>
>  <BR>
>  <BR> <INPUT NAME="date" TYPE=HIDDEN VALUE="current">
> -<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= time %>
> +<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%=
> util.HTMLFilter.filter(time) %>
>  <BR> <h2> Description of the event <INPUT NAME="description" TYPE=TEXT
> SIZE=20> </h2>
>  <BR> <INPUT TYPE=SUBMIT VALUE="submit">
>  </FORM>
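Review bot: as in the 5.x version of this file above, `VALUE=<%= util.HTMLFilter.filter(time) %>` is still an unquoted attribute value and should become `VALUE="<%= util.HTMLFilter.filter(time) %>"`, and `util.HTMLFilter.filter` must escape `"` for the attribute context to be safe. Apart from the hunk offsets (`@@ -18,12 +18,12 @@` here versus `@@ -29,12 +29,12 @@` in 5.x), the backport is line-for-line identical to the 5.x change, which is what you want for a security fix.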
> 
> Modified:
> tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp
> 
> URL:
> http://svn.apache.org/viewcvs/tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp?rev=369935&r1=369934&r2=369935&view=diff
> 
> ==============================================================================
> 
> ---
> tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp
> (original)
> +++
> tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp
> Tue Jan 17 13:53:49 2006
> @@ -34,11 +34,13 @@
>    if (role.length() > 0) {
>      if (request.isUserInRole(role)) {
>  %>
> -      You have been granted role <b><%= role %></b><br><br>
> +      You have been granted role
> +      <b><%= util.HTMLFilter.filter(role) %></b><br><br>
>  <%
>      } else {
>  %>
> -      You have <i>not</i> been granted role <b><%= role %></b><br><br>
> +      You have <i>not</i> been granted role
> +      <b><%= util.HTMLFilter.filter(role) %></b><br><br>
>  <%
>      }
>    }
> @@ -47,7 +49,7 @@
>  To check whether your username has been granted a particular role,
>  enter it here:
>  <form method="GET" action='<%= response.encodeURL("index.jsp") %>'>
> -<input type="text" name="role" value="<%= role %>">
> +<input type="text" name="role" value="<%= util.HTMLFilter.filter(role)
> %>">
>  </form>
>  <br><br>
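Review bot: this is the double-quoted attribute case again, `value="<%= util.HTMLFilter.filter(role) %>"`, so the 4.1.x copy of `util.HTMLFilter` also needs to escape `"`; worth checking that the 4.1.x examples ship the same filter class as 5.x, since nothing in this diff shows it.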
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 
> 
> 
