[jboss-cvs] JBossAS SVN: r77026 - branches/JBPAPP_4_2_0_GA_CP/varia/src/main/org/jboss/jmx/adaptor/html.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Aug 13 14:33:34 EDT 2008
Author: csaldanh
Date: 2008-08-13 14:33:34 -0400 (Wed, 13 Aug 2008)
New Revision: 77026
Modified:
branches/JBPAPP_4_2_0_GA_CP/varia/src/main/org/jboss/jmx/adaptor/html/HtmlAdaptorServlet.java
Log:
JBPAPP-964: Fix for XSS in jmx-console
Modified: branches/JBPAPP_4_2_0_GA_CP/varia/src/main/org/jboss/jmx/adaptor/html/HtmlAdaptorServlet.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/varia/src/main/org/jboss/jmx/adaptor/html/HtmlAdaptorServlet.java 2008-08-13 18:17:15 UTC (rev 77025)
+++ branches/JBPAPP_4_2_0_GA_CP/varia/src/main/org/jboss/jmx/adaptor/html/HtmlAdaptorServlet.java 2008-08-13 18:33:34 UTC (rev 77026)
@@ -165,6 +165,9 @@
{
filter = "";
}
+
+ //Change "<" and ">" to "<" and ">" in filter string
+ filter = translateMetaCharacters(filter);
// update request filter and store filter in session context,
// so it can be used when no filter has been submitted in
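Review bot: Escaping the filter here, at input time, means the value stored in the request and session (per the comment that follows) is the HTML-encoded form, so any later use of it for matching or in a non-HTML context sees the encoded text rather than what the user typed. Encoding is safer at the point where the value is written into the page, so that every output path is covered and the stored value stays raw. The new comment as shown on this page reads `Change "<" and ">" to "<" and ">"`, which looks like entity decoding by the archive; something like `// HTML-encode the filter before it is echoed back to the browser` would survive rendering and state the intent. The enclosing method starts and ends outside this hunk, so whether other request parameters are echoed unencoded cannot be judged from here.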
@@ -313,5 +316,15 @@
argList.toArray(args);
return args;
}
+
+ /** Translate html metacharacters in filter string only '<' and '>'
+ */
+ private String translateMetaCharacters(String s)
+ {
+ s = s.replaceAll("<","<");
+ s = s.replaceAll(">",">");
+ return s;
+ }
+
}
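Review bot: translateMetaCharacters encodes only `<` and `>`, leaving `&`, `"` and `'` untouched, so the filter is still unsafe if the page writes it inside an attribute value (not visible in this hunk), and a literal `&` in the input is not preserved faithfully. Encoding all five characters, ampersand first, closes that gap: `return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");`. `String.replace` is sufficient here because no regular expression is needed, unlike `replaceAll`. As rendered on this page the two replacement strings are identical to their patterns, presumably because the archive decoded the entities, so confirm that the committed file really contains `&lt;` and `&gt;`.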