Posted to commits@jackrabbit.apache.org by an...@apache.org on 2013/07/24 17:22:44 UTC
svn commit: r1506594 -
/jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java
Author: angela
Date: Wed Jul 24 15:22:44 2013
New Revision: 1506594
URL: http://svn.apache.org/r1506594
Log:
JCR-3630 : XSS in DirListingExportHandler (patch provided by lars krapf)
Modified:
jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java
Modified: jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java?rev=1506594&r1=1506593&r2=1506594&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java (original)
+++ jackrabbit/trunk/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/server/io/DirListingExportHandler.java Wed Jul 24 15:22:44 2013
@@ -167,7 +167,7 @@ public class DirListingExportHandler imp
writer.print("/");
}
writer.print("\">");
- writer.print(label);
+ writer.print(Text.encodeIllegalXMLCharacters(label));
writer.print("</a></li>");
}
}
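Review bot: If `label` can be null at this line, the new call changes behaviour. `writer.print(String)` printed the text "null", while `Text.encodeIllegalXMLCharacters` rejects a null argument with an exception, if I read the utility correctly. The assignment to `label` is outside the hunk, so please confirm it is never null, or guard it with `writer.print(label == null ? "" : Text.encodeIllegalXMLCharacters(label));`. The same line appears in the second hunk (`@@ -227,7`) and would need the same treatment.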
@@ -227,7 +227,7 @@ public class DirListingExportHandler imp
writer.print("<li><a href=\"");
writer.print(child.getHref());
writer.print("\">");
- writer.print(label);
+ writer.print(Text.encodeIllegalXMLCharacters(label));
writer.print("</a></li>");
}
writer.print("</ul><hr size=\"1\"><em>Powered by <a href=\"");
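Review bot: `writer.print(child.getHref());` still writes its value unencoded into the `href="…"` attribute, so the escaping added in this hunk covers only the link text. If the locator always returns a percent-escaped href, a quote or angle bracket cannot appear there, but that guarantee is not visible in this hunk. Either state it in a comment, e.g. `// href is already URL-escaped by the resource locator`, or make the attribute safe by construction with `writer.print(Text.encodeIllegalXMLCharacters(child.getHref()));`. The href pieces written before the fixed line in the first hunk start outside that hunk and deserve the same check.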