You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by ro...@apache.org on 2017/10/18 23:20:01 UTC

[sling-org-apache-sling-featureflags] 13/28: SLING-4836 - Escape output in Apache Sling Feature Flags webconsole plugin * applied patch from Alexandre Collignon (Thanks!)

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-featureflags.git

commit 53944da72584ff3f1386afbcae9a7ef848c5649a
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Fri Jun 26 07:31:10 2015 +0000

    SLING-4836 - Escape output in Apache Sling Feature Flags webconsole plugin
    * applied patch from  Alexandre Collignon (Thanks!)
    
    git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1687690 13f79535-47bb-0310-9956-ffa450edef68
---
 src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java b/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
index c4f6b84..9fed787 100644
--- a/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
+++ b/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
@@ -45,6 +45,7 @@ import org.apache.felix.scr.annotations.Reference;
 import org.apache.felix.scr.annotations.ReferenceCardinality;
 import org.apache.felix.scr.annotations.ReferencePolicy;
 import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.request.ResponseUtil;
 import org.apache.sling.featureflags.Feature;
 import org.apache.sling.featureflags.Features;
 import org.osgi.framework.Constants;
@@ -155,8 +156,8 @@ public class FeatureManager implements Features, Filter, Servlet {
                 pw.println("<tr><th>Name</th><th>Description</th><th>Enabled</th></tr>");
                 final ExecutionContextImpl ctx = getCurrentExecutionContext();
                 for (final Feature feature : features) {
-                    pw.printf("<tr><td>%s</td><td>%s</td><td>%s</td></tr>%n", feature.getName(),
-                        feature.getDescription(), ctx.isEnabled(feature));
+                    pw.printf("<tr><td>%s</td><td>%s</td><td>%s</td></tr>%n", ResponseUtil.escapeXml(feature.getName()),
+                            ResponseUtil.escapeXml(feature.getDescription()), ctx.isEnabled(feature));
                 }
                 pw.println("</table>");
             }

-- 
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.