Posted to commits@sling.apache.org by pa...@apache.org on 2019/05/06 10:40:38 UTC
[sling-org-apache-sling-servlets-resolver] branch master updated:
SLING-8388 : XSS possible in system console - servletresolver
This is an automated email from the ASF dual-hosted git repository.
pauls pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-servlets-resolver.git
The following commit(s) were added to refs/heads/master by this push:
new 4e22103 SLING-8388 : XSS possible in system console - servletresolver
new 26e4440 Merge pull request #4 from ashokpanghal/issues/SLING-8388
4e22103 is described below
commit 4e22103ca57917e89fe8475118011b4a6a054280
Author: Ashok Kumar <as...@adobe.com>
AuthorDate: Fri May 3 09:54:42 2019 +0530
SLING-8388 : XSS possible in system console - servletresolver
---
.../sling/servlets/resolver/internal/console/WebConsolePlugin.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/org/apache/sling/servlets/resolver/internal/console/WebConsolePlugin.java b/src/main/java/org/apache/sling/servlets/resolver/internal/console/WebConsolePlugin.java
index 58ffcf0..c3ee850 100644
--- a/src/main/java/org/apache/sling/servlets/resolver/internal/console/WebConsolePlugin.java
+++ b/src/main/java/org/apache/sling/servlets/resolver/internal/console/WebConsolePlugin.java
@@ -224,7 +224,7 @@ public class WebConsolePlugin extends HttpServlet {
// check for non-existing resources
if (ResourceUtil.isNonExistingResource(resource)) {
pw.println("The resource given by path '");
- pw.println(resource.getPath());
+ pw.println(ResponseUtil.escapeXml(resource.getPath()));
pw.println("' does not exist. Therefore no resource type could be determined!<br/>");
}
pw.print("Candidate servlets and scripts in order of preference for method ");
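Review bot: Only the `resource.getPath()` sink in the non-existing-resource branch is escaped here. The `pw.print("Candidate servlets and scripts in order of preference for method ")` line that closes the hunk is presumably followed by a request-derived value outside the hunk, and it should be confirmed that this value and every other request parameter this servlet echoes also go through `ResponseUtil.escapeXml`. The diffstat shows a single changed line and no test, so a regression test that resolves a non-existing path containing markup characters and asserts they appear entity-encoded in the output would keep this from regressing. As a style point, the three `pw.println` calls place line breaks inside the quoted path; `pw.print` for the first two would keep the message on one line. The enclosing method starts and ends outside the hunk.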