You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by co...@apache.org on 2020/09/16 14:31:26 UTC

[cxf] 01/01: Escape the services listing stylesheet path

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch services_listing
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 08815bdccd6e94b4d34a8216878bbcdabd9ce7ef
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Sep 16 15:30:38 2020 +0100

    Escape the services listing stylesheet path
---
 .../cxf/transport/servlet/servicelist/FormattedServiceListWriter.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java
index c453e5a..9cc2cb4 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java
@@ -42,7 +42,7 @@ public class FormattedServiceListWriter implements ServiceListWriter {
                                       String title,
                                       boolean showForeignContexts,
                                       Bus bus) {
-        this.styleSheetPath = styleSheetPath;
+        this.styleSheetPath = StringEscapeUtils.escapeHtml4(styleSheetPath);
         this.title = title;
         this.showForeignContexts = showForeignContexts;
         this.bus = bus;