Posted to dev@tomcat.apache.org by jf...@apache.org on 2005/01/18 16:30:42 UTC
cvs commit: jakarta-servletapi-5/jsr152/examples/snp snoop.jsp
jfarcand 2005/01/18 07:30:42
Modified: jsr152/examples/jsp2/el functions.jsp implicit-objects.jsp
jsr152/examples/jsp2/jspx textRotate.jspx
jsr152/examples/snp snoop.jsp
Log:
Fix for bug: SERVLETAPI: XSS Issues
Patch submitted by Mark Thomas at apache dot org
Revision Changes Path
1.5 +6 -5 jakarta-servletapi-5/jsr152/examples/jsp2/el/functions.jsp
Index: functions.jsp
===================================================================
RCS file: /home/cvs/jakarta-servletapi-5/jsr152/examples/jsp2/el/functions.jsp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- functions.jsp 18 Mar 2004 16:40:30 -0000 1.4
+++ functions.jsp 18 Jan 2005 15:30:42 -0000 1.5
@@ -13,6 +13,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="my" uri="http://jakarta.apache.org/tomcat/jsp2-example-taglib"%>
<html>
@@ -30,7 +31,7 @@
<blockquote>
<u><b>Change Parameter</b></u>
<form action="functions.jsp" method="GET">
- foo = <input type="text" name="foo" value="${param['foo']}">
+ foo = <input type="text" name="foo" value="${fn:escapeXml(param["foo"])}">
<input type="submit">
</form>
<br>
@@ -42,19 +43,19 @@
</thead>
<tr>
<td>\${param["foo"]}</td>
- <td>${param["foo"]} </td>
+ <td>${fn:escapeXml(param["foo"])} </td>
</tr>
<tr>
<td>\${my:reverse(param["foo"])}</td>
- <td>${my:reverse(param["foo"])} </td>
+ <td>${my:reverse(fn:escapeXml(param["foo"]))} </td>
</tr>
<tr>
<td>\${my:reverse(my:reverse(param["foo"]))}</td>
- <td>${my:reverse(my:reverse(param["foo"]))} </td>
+ <td>${my:reverse(my:reverse(fn:escapeXml(param["foo"])))} </td>
</tr>
<tr>
<td>\${my:countVowels(param["foo"])}</td>
- <td>${my:countVowels(param["foo"])} </td>
+ <td>${my:countVowels(fn:escapeXml(param["foo"]))} </td>
</tr>
</table>
</code>
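Review bot: Escaping the parameter before it is handed to the example functions changes what the right-hand column demonstrates rather than just making it safe: on the `my:countVowels` row an input containing `&` or `"` is counted as `&amp;` / `&quot;` (presumably adding vowels that were never typed), and on the `my:reverse` row the entity text is reversed character by character. Escaping belongs on the output, after the function has run: `<td>${fn:escapeXml(my:reverse(param["foo"]))} </td>` and `<td>${fn:escapeXml(my:countVowels(param["foo"]))} </td>`, and likewise for the double-reverse row. That keeps the output safe while the cell still shows the real function result that the left-hand `\${…}` label promises.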
1.4 +5 -3 jakarta-servletapi-5/jsr152/examples/jsp2/el/implicit-objects.jsp
Index: implicit-objects.jsp
===================================================================
RCS file: /home/cvs/jakarta-servletapi-5/jsr152/examples/jsp2/el/implicit-objects.jsp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- implicit-objects.jsp 18 Mar 2004 16:40:30 -0000 1.3
+++ implicit-objects.jsp 18 Jan 2005 15:30:42 -0000 1.4
@@ -13,6 +13,8 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+
<html>
<head>
<title>JSP 2.0 Expression Language - Implicit Objects</title>
@@ -49,7 +51,7 @@
<blockquote>
<u><b>Change Parameter</b></u>
<form action="implicit-objects.jsp" method="GET">
- foo = <input type="text" name="foo" value="${param["foo"]}">
+ foo = <input type="text" name="foo" value="${fn:escapeXml(param["foo"])}">
<input type="submit">
</form>
<br>
@@ -61,11 +63,11 @@
</thead>
<tr>
<td>\${param.foo}</td>
- <td>${param.foo} </td>
+ <td>${fn:escapeXml(param["foo"])} </td>
</tr>
<tr>
<td>\${param["foo"]}</td>
- <td>${param["foo"]} </td>
+ <td>${fn:escapeXml(param["foo"])} </td>
</tr>
<tr>
<td>\${header["host"]}</td>
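Review bot: The row labelled `\${param.foo}` now renders `${fn:escapeXml(param["foo"])}`, so the two rows evaluate the same expression while their labels differ; `<td>${fn:escapeXml(param.foo)} </td>` on the first row keeps the dot-notation example the label describes. The rows that follow, starting with `\${header["host"]}` on the hunk's last line, continue outside this hunk; if their right-hand cells still print request headers unescaped, the same `fn:escapeXml` wrapping is presumably wanted there as well, since `Host` and the other headers are client-supplied.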
1.4 +2 -1 jakarta-servletapi-5/jsr152/examples/jsp2/jspx/textRotate.jspx
Index: textRotate.jspx
===================================================================
RCS file: /home/cvs/jakarta-servletapi-5/jsr152/examples/jsp2/jspx/textRotate.jspx,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- textRotate.jspx 21 Nov 2003 22:06:02 -0000 1.3
+++ textRotate.jspx 18 Jan 2005 15:30:42 -0000 1.4
@@ -6,11 +6,12 @@
<svg xmlns="http://www.w3.org/2000/svg"
width="450" height="500" viewBox="0 0 450 500"
xmlns:c="http://java.sun.com/jsp/jstl/core"
+ xmlns:fn="http://java.sun.com/jsp/jstl/functions"
xmlns:jsp="http://java.sun.com/JSP/Page">
<jsp:directive.page contentType="image/svg+xml" />
<title>JSP 2.0 JSPX</title>
<!-- select name parameter, or default to JSPX -->
- <c:set var="name" value='${empty param["name"] ? "JSPX" : param["name"]}'/>
+ <c:set var="name" value='${empty fn:escapeXml(param["name"]) ? "JSPX" : fn:escapeXml(param["name"])}'/>
<g id="testContent">
<text class="title" x="50%" y="10%" font-size="15" text-anchor="middle" >
JSP 2.0 XML Syntax (.jspx) Demo</text>
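Review bot: `fn:escapeXml` is evaluated twice on the new `c:set` line, once inside the `empty` test and once for the value. As far as I can tell the `empty` test gives the same answer on the raw parameter (escaping a null or empty string yields an empty string, and a non-empty one stays non-empty), so the line reads more plainly as `<c:set var="name" value='${empty param["name"] ? "JSPX" : fn:escapeXml(param["name"])}'/>`. The `<svg>` element opened at the top of this hunk closes outside it.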
1.3 +2 -2 jakarta-servletapi-5/jsr152/examples/snp/snoop.jsp
Index: snoop.jsp
===================================================================
RCS file: /home/cvs/jakarta-servletapi-5/jsr152/examples/snp/snoop.jsp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- snoop.jsp 18 Mar 2004 16:40:31 -0000 1.2
+++ snoop.jsp 18 Jan 2005 15:30:42 -0000 1.3
@@ -18,7 +18,7 @@
<body bgcolor="white">
<h1> Request Information </h1>
<font size="4">
-JSP Request Method: <%= request.getMethod() %>
+JSP Request Method: <% out.print(util.HTMLFilter.filter(request.getMethod())); %>
<br>
Request URI: <%= request.getRequestURI() %>
<br>
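Review bot: The new code filters `request.getMethod()` but the `Request URI:` line two lines below still emits `request.getRequestURI()` unfiltered, and the URI is as client-controlled as the method; `Request URI: <% out.print(util.HTMLFilter.filter(request.getRequestURI())); %>` closes the same gap. The following hunk (`@@ -32,7 +32,7 @@`) has the same shape: `Content type` is filtered while `Server name:` prints `request.getServerName()`, which is normally derived from the client-supplied `Host` header, without filtering. The body lines between the two hunks are not shown here, so other `<%= request.… %>` expressions in this page may need the same treatment.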
@@ -32,7 +32,7 @@
<br>
Content length: <%= request.getContentLength() %>
<br>
-Content type: <%= request.getContentType() %>
+Content type: <% out.print(util.HTMLFilter.filter(request.getContentType())); %>
<br>
Server name: <%= request.getServerName() %>
<br>