jackrabbit-commits mailing list archives

From ang...@apache.org
Subject svn commit: r1506594 - /jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java
Date Wed, 24 Jul 2013 15:22:44 GMT
Author: angela
Date: Wed Jul 24 15:22:44 2013
New Revision: 1506594

URL: http://svn.apache.org/r1506594
Log:
JCR-3630 : XSS in DirListingExportHandler (patch provided by lars krapf)

Modified:
    jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java

Modified: jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java?rev=1506594&r1=1506593&r2=1506594&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java
(original)
+++ jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java
Wed Jul 24 15:22:44 2013
@@ -167,7 +167,7 @@ public class DirListingExportHandler imp
                             writer.print("/");
                         }
                         writer.print("\">");
-                        writer.print(label);
+                        writer.print(Text.encodeIllegalXMLCharacters(label));
                         writer.print("</a></li>");
                     }
                 }
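Review bot: The encoding on the changed line is applied inline with no comment recording why, and the second hunk repeats the identical call, so a later print of `label` elsewhere in this class could easily miss it. A one-line comment above the changed line, `// label may contain markup characters; encode before writing into the HTML body (JCR-3630)`, would keep the reason next to the sink. Encoding `label` once where it is assigned would also remove the duplication. That assignment is outside the hunk, so whether the raw value is needed elsewhere cannot be checked from here.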
@@ -227,7 +227,7 @@ public class DirListingExportHandler imp
                     writer.print("<li><a href=\"");
                     writer.print(child.getHref());
                     writer.print("\">");
-                    writer.print(label);
+                    writer.print(Text.encodeIllegalXMLCharacters(label));
                     writer.print("</a></li>");
                 }
                 writer.print("</ul><hr size=\"1\"><em>Powered by <a
href=\"");
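Review bot: `writer.print(child.getHref())`, two lines above the changed line, still writes its value into the `href="…"` attribute without HTML encoding, so the fix covers the link text but not the attribute beside it. Whether getHref() always returns a percent-escaped path cannot be seen from this hunk; if that is not guaranteed, a double quote in the value would end the attribute early. Passing it through the same encoder, `writer.print(Text.encodeIllegalXMLCharacters(child.getHref()));`, is correct HTML even for an already-escaped href. The first hunk builds its href above the visible lines and deserves the same check; the enclosing method starts and ends outside both hunks.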


