tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r369935 - in /tomcat/container/branches/tc4.1.x/webapps/examples/jsp: cal/cal2.jsp security/protected/index.jsp
Date Tue, 17 Jan 2006 21:53:53 GMT
Author: markt
Date: Tue Jan 17 13:53:49 2006
New Revision: 369935

URL: http://svn.apache.org/viewcvs?rev=369935&view=rev
Log:
Fix XSS issues in examples.

Modified:
    tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp
    tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp

Modified: tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp
URL: http://svn.apache.org/viewcvs/tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp?rev=369935&r1=369934&r2=369935&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp (original)
+++ tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp Tue Jan 17 13:53:49
2006
@@ -18,12 +18,12 @@
 
 <FONT SIZE=5> Please add the following event:
 <BR> <h3> Date <%= table.getDate() %>
-<BR> Time <%= time %> </h3>
+<BR> Time <%= util.HTMLFilter.filter(time) %> </h3>
 </FONT>
 <FORM METHOD=POST ACTION=cal1.jsp>
 <BR> 
 <BR> <INPUT NAME="date" TYPE=HIDDEN VALUE="current">
-<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= time %>
+<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= util.HTMLFilter.filter(time) %>
 <BR> <h2> Description of the event <INPUT NAME="description" TYPE=TEXT SIZE=20>
</h2>
 <BR> <INPUT TYPE=SUBMIT VALUE="submit">
 </FORM>

Modified: tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp
URL: http://svn.apache.org/viewcvs/tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp?rev=369935&r1=369934&r2=369935&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp (original)
+++ tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp Tue
Jan 17 13:53:49 2006
@@ -34,11 +34,13 @@
   if (role.length() > 0) {
     if (request.isUserInRole(role)) {
 %>
-      You have been granted role <b><%= role %></b><br><br>
+      You have been granted role
+      <b><%= util.HTMLFilter.filter(role) %></b><br><br>
 <%
     } else {
 %>
-      You have <i>not</i> been granted role <b><%= role %></b><br><br>
+      You have <i>not</i> been granted role
+      <b><%= util.HTMLFilter.filter(role) %></b><br><br>
 <%
     }
   }
@@ -47,7 +49,7 @@
 To check whether your username has been granted a particular role,
 enter it here:
 <form method="GET" action='<%= response.encodeURL("index.jsp") %>'>
-<input type="text" name="role" value="<%= role %>">
+<input type="text" name="role" value="<%= util.HTMLFilter.filter(role) %>">
 </form>
 <br><br>
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message