Posted to commits@struts.apache.org by jm...@apache.org on 2008/01/25 04:50:49 UTC

svn commit: r615103 - /struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java

Author: jmitchell
Date: Thu Jan 24 19:50:48 2008
New Revision: 615103

URL: http://svn.apache.org/viewvc?rev=615103&view=rev
Log:
WW-2414 - followup on earlier commit -- recursively replace <<<<<script>>>>> until completely sanitized

Modified:
    struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java

Modified: struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java?rev=615103&r1=615102&r2=615103&view=diff
==============================================================================
--- struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java (original)
+++ struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java Thu Jan 24 19:50:48 2008
@@ -176,10 +176,9 @@
 
         String result = link.toString();
         
-        if (result.indexOf("<script>") >= 0){
+        while (result.indexOf("<script>") > 0){
         	result = result.replaceAll("<script>", "script");
-        }
-        
+        }        
         try {
             result = encodeResult ? response.encodeURL(result) : result;
         } catch (Exception ex) {
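Review bot: The new loop condition `result.indexOf("<script>") > 0` skips a match at index 0, which the replaced `>= 0` check covered, so a result that begins with the tag is no longer stripped; the guard should read `while (result.indexOf("<script>") >= 0) {`. The match is also an exact, case-sensitive literal, so the loop is still a denylist for one spelling of one tag. Escaping the value for the context it is written into would be more robust than stripping, and a comment such as `// strips the literal "<script>" only; not a general XSS filter` would keep callers from over-trusting it. `replaceAll` treats its first argument as a regex, so `result.replace("<script>", "script")` states the intent more directly. The enclosing method begins and ends outside this hunk, so how `result` reaches the page is not visible here.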