You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-commits@lucene.apache.org by eh...@apache.org on 2009/02/21 11:44:13 UTC
svn commit: r746481 - in /lucene/solr/trunk: CHANGES.txt
src/webapp/web/admin/schema.jsp
Author: ehatcher
Date: Sat Feb 21 10:44:13 2009
New Revision: 746481
URL: http://svn.apache.org/viewvc?rev=746481&view=rev
Log:
SOLR-1031: Fix XSS vulnerability in schema.jsp
Modified:
lucene/solr/trunk/CHANGES.txt
lucene/solr/trunk/src/webapp/web/admin/schema.jsp
Modified: lucene/solr/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/lucene/solr/trunk/CHANGES.txt?rev=746481&r1=746480&r2=746481&view=diff
==============================================================================
--- lucene/solr/trunk/CHANGES.txt (original)
+++ lucene/solr/trunk/CHANGES.txt Sat Feb 21 10:44:13 2009
@@ -267,6 +267,10 @@
32. SOLR-1018: Slave is unable to replicate when server acts as repeater (as both master and slave)
(Akshay Ukey, Noble Paul via shalin)
+33. SOLR-1026: Add protected words support to SnowballPorterFilterFactory (ehatcher)
+
+34. SOLR-1031: Fix XSS vulnerability in schema.jsp (Paul Lovvik via ehatcher)
+
Other Changes
----------------------
Modified: lucene/solr/trunk/src/webapp/web/admin/schema.jsp
URL: http://svn.apache.org/viewvc/lucene/solr/trunk/src/webapp/web/admin/schema.jsp?rev=746481&r1=746480&r2=746481&view=diff
==============================================================================
--- lucene/solr/trunk/src/webapp/web/admin/schema.jsp (original)
+++ lucene/solr/trunk/src/webapp/web/admin/schema.jsp Sat Feb 21 10:44:13 2009
@@ -490,14 +490,10 @@
var numTerms = 0;
$.each(topTerms, function(term, count) {
- var row = document.createElement('tr');
- var c1 = document.createElement('td');
- c1.innerHTML=term;
- var c2 = document.createElement('td');
- c2.innerHTML=count;
- row.appendChild(c1);
- row.appendChild(c2);
- tbody.appendChild(row);
+ var c1 = $('<td>').text(term);
+ var c2 = $('<td>').text(count);
+ var row = $('<tr>').append(c1).append(c2);
+ tbody.appendChild(row.get(0));
numTerms++;
});
tbl.appendChild(tbody);