Posted to commits@struts.apache.org by rg...@apache.org on 2008/02/25 07:09:22 UTC

svn commit: r630740 - /struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java

Author: rgielen
Date: Sun Feb 24 22:09:14 2008
New Revision: 630740

URL: http://svn.apache.org/viewvc?rev=630740&view=rev
Log:
WW-2414:
Applied James Mitchell's patch for critical XSS bug to 2.0.x tree

Modified:
    struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java

Modified: struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java
URL: http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java?rev=630740&r1=630739&r2=630740&view=diff
==============================================================================
--- struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java (original)
+++ struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java Sun Feb 24 22:09:14 2008
@@ -188,10 +188,14 @@
             buildParametersString(params, link, "&");
         }
 
-        String result;
+        String result = link.toString();
+
+        while (result.indexOf("<script>") > 0) {
+            result = result.replaceAll("<script>", "script");
+        }
 
         try {
-            result = encodeResult ? response.encodeURL(link.toString()) : link.toString();
+             result = encodeResult ? response.encodeURL(result) : result;
         } catch (Exception ex) {
             // Could not encode the URL for some reason
             // Use it unchanged
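Review bot: The loop condition `while (result.indexOf("<script>") > 0)` is off by one — an occurrence at index 0 is never stripped, because indexOf returns 0 there; `while (result.contains("<script>"))` covers that case. Beyond that, the loop is a deny-list for one exact lowercase token, so the same tag with different casing, whitespace or attributes passes through untouched, while a legitimate parameter value that happens to contain that text is silently corrupted. The durable fix for WW-2414 is to encode the URL for its output context — HTML-escape it where it is written into markup and URL-encode parameter values when buildParametersString appends them — rather than scrubbing a single string here; the point where the result is emitted is not visible in this hunk, so that placement needs confirming. The enclosing method starts and ends outside the hunk. Also, the changed line `result = encodeResult ? response.encodeURL(result) : result;` is indented one column deeper than its neighbours.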