You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/10/18 23:20:01 UTC
[sling-org-apache-sling-featureflags] 13/28: SLING-4836 - Escape
output in Apache Sling Feature Flags webconsole plugin * applied patch from
Alexandre Collignon (Thanks!)
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-featureflags.git
commit 53944da72584ff3f1386afbcae9a7ef848c5649a
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Fri Jun 26 07:31:10 2015 +0000
SLING-4836 - Escape output in Apache Sling Feature Flags webconsole plugin
* applied patch from Alexandre Collignon (Thanks!)
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1687690 13f79535-47bb-0310-9956-ffa450edef68
---
src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java b/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
index c4f6b84..9fed787 100644
--- a/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
+++ b/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
@@ -45,6 +45,7 @@ import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.request.ResponseUtil;
import org.apache.sling.featureflags.Feature;
import org.apache.sling.featureflags.Features;
import org.osgi.framework.Constants;
@@ -155,8 +156,8 @@ public class FeatureManager implements Features, Filter, Servlet {
pw.println("<tr><th>Name</th><th>Description</th><th>Enabled</th></tr>");
final ExecutionContextImpl ctx = getCurrentExecutionContext();
for (final Feature feature : features) {
- pw.printf("<tr><td>%s</td><td>%s</td><td>%s</td></tr>%n", feature.getName(),
- feature.getDescription(), ctx.isEnabled(feature));
+ pw.printf("<tr><td>%s</td><td>%s</td><td>%s</td></tr>%n", ResponseUtil.escapeXml(feature.getName()),
+ ResponseUtil.escapeXml(feature.getDescription()), ctx.isEnabled(feature));
}
pw.println("</table>");
}
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.