You are viewing a plain text version of this content. The canonical link for it is here.

Posted to solr-commits@lucene.apache.org by eh...@apache.org on 2009/02/21 11:44:13 UTC

svn commit: r746481 - in /lucene/solr/trunk: CHANGES.txt src/webapp/web/admin/schema.jsp

Author: ehatcher
Date: Sat Feb 21 10:44:13 2009
New Revision: 746481

URL: http://svn.apache.org/viewvc?rev=746481&view=rev
Log:
SOLR-1031: Fix XSS vulnerability in schema.jsp

Modified:
    lucene/solr/trunk/CHANGES.txt
    lucene/solr/trunk/src/webapp/web/admin/schema.jsp

Modified: lucene/solr/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/lucene/solr/trunk/CHANGES.txt?rev=746481&r1=746480&r2=746481&view=diff
==============================================================================
--- lucene/solr/trunk/CHANGES.txt (original)
+++ lucene/solr/trunk/CHANGES.txt Sat Feb 21 10:44:13 2009
@@ -267,6 +267,10 @@
 32. SOLR-1018: Slave is unable to replicate when server acts as repeater (as both master and slave)
     (Akshay Ukey, Noble Paul via shalin)
 
+33. SOLR-1026: Add protected words support to SnowballPorterFilterFactory (ehatcher)
+
+34. SOLR-1031: Fix XSS vulnerability in schema.jsp (Paul Lovvik via ehatcher)
+
 
 Other Changes
 ----------------------

Modified: lucene/solr/trunk/src/webapp/web/admin/schema.jsp
URL: http://svn.apache.org/viewvc/lucene/solr/trunk/src/webapp/web/admin/schema.jsp?rev=746481&r1=746480&r2=746481&view=diff
==============================================================================
--- lucene/solr/trunk/src/webapp/web/admin/schema.jsp (original)
+++ lucene/solr/trunk/src/webapp/web/admin/schema.jsp Sat Feb 21 10:44:13 2009
@@ -490,14 +490,10 @@
         
         var numTerms = 0;
         $.each(topTerms, function(term, count) {
-          var row = document.createElement('tr');
-          var c1 = document.createElement('td');
-          c1.innerHTML=term;
-          var c2 = document.createElement('td');
-          c2.innerHTML=count;
-          row.appendChild(c1);
-          row.appendChild(c2);
-          tbody.appendChild(row);
+          var c1 = $('<td>').text(term);
+          var c2 = $('<td>').text(count);
+          var row = $('<tr>').append(c1).append(c2);
+          tbody.appendChild(row.get(0));
           numTerms++;
         });
         tbl.appendChild(tbody);