tomcat-dev mailing list archives

From yo...@apache.org
Subject svn commit: r428048 - /tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/jsp2/el/implicit-objects.jsp
Date Wed, 02 Aug 2006 16:49:58 GMT
Author: yoavs
Date: Wed Aug  2 09:49:57 2006
New Revision: 428048

URL: http://svn.apache.org/viewvc?rev=428048&view=rev
Log:
Address possible security vulnerability in header value parsing: escape it to avoid someone
trying an XSS attack.

Modified:
    tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/jsp2/el/implicit-objects.jsp

Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/jsp2/el/implicit-objects.jsp
URL: http://svn.apache.org/viewvc/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/jsp2/el/implicit-objects.jsp?rev=428048&r1=428047&r2=428048&view=diff
==============================================================================
--- tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/jsp2/el/implicit-objects.jsp
(original)
+++ tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/jsp2/el/implicit-objects.jsp
Wed Aug  2 09:49:57 2006
@@ -71,15 +71,15 @@
 	  </tr>
 	  <tr>
 	    <td>\${header["host"]}</td>
-	    <td>${header["host"]}</td>
+	    <td>${fn:escapeXml(header["host"])}&nbsp;</td>
 	  </tr>
 	  <tr>
 	    <td>\${header["accept"]}</td>
-	    <td>${header["accept"]}</td>
+	    <td>${fn:escapeXml(header["accept"])}&nbsp;</td>
 	  </tr>
 	  <tr>
 	    <td>\${header["user-agent"]}</td>
-	    <td>${header["user-agent"]}</td>
+	    <td>${fn:escapeXml(header["user-agent"])}&nbsp;</td>
 	  </tr>
 	</table>
       </code>
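Review bot: the three `+` cells call `fn:escapeXml(...)`, but this is the only hunk in the commit and it adds no taglib directive for the `fn` prefix. Please confirm that implicit-objects.jsp already declares it near the top, e.g. `<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>`; otherwise the page will fail at translation time instead of rendering escaped output. Two smaller points: the trailing `&nbsp;` added to each cell is unrelated to the escaping and is not mentioned in the log message, so either note it there or split it out. Since only the `host`, `accept` and `user-agent` rows are touched, it is also worth checking the rest of the table outside this hunk for any other request-derived value that is still written without `fn:escapeXml`.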



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

