[jboss-cvs] JBossAS SVN: r91374 - in branches/Branch_5_x: varia/src/resources/jmx/html and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Jul 17 11:01:32 EDT 2009
Author: fjuma
Date: 2009-07-17 11:01:30 -0400 (Fri, 17 Jul 2009)
New Revision: 91374
Modified:
branches/Branch_5_x/console/src/resources/webconsole.war/createSnapshot.jsp
branches/Branch_5_x/console/src/resources/webconsole.war/createStringThresholdMonitor.jsp
branches/Branch_5_x/console/src/resources/webconsole.war/createStringThresholdMonitorSummary.jsp
branches/Branch_5_x/console/src/resources/webconsole.war/createThresholdMonitor.jsp
branches/Branch_5_x/console/src/resources/webconsole.war/createThresholdMonitorSummary.jsp
branches/Branch_5_x/console/src/resources/webconsole.war/listMonitors.jsp
branches/Branch_5_x/console/src/resources/webconsole.war/manageSnapshot.jsp
branches/Branch_5_x/console/src/resources/webconsole.war/manageStringThresholdMonitor.jsp
branches/Branch_5_x/console/src/resources/webconsole.war/manageThresholdMonitor.jsp
branches/Branch_5_x/varia/src/resources/jmx/html/displayMBeans.jsp
branches/Branch_5_x/varia/src/resources/jmx/html/inspectMBean.jsp
Log:
JBAS-7105: Made sure that input parameters to createSnapshot.jsp and createThresholdMonitor.jsp for the Web Console are sanitized before being displayed to the user.
Modified: branches/Branch_5_x/console/src/resources/webconsole.war/createSnapshot.jsp
===================================================================
--- branches/Branch_5_x/console/src/resources/webconsole.war/createSnapshot.jsp 2009-07-17 14:40:44 UTC (rev 91373)
+++ branches/Branch_5_x/console/src/resources/webconsole.war/createSnapshot.jsp 2009-07-17 15:01:30 UTC (rev 91374)
@@ -13,6 +13,25 @@
| Distributable under LGPL license.
| See terms of license at gnu.org.
+--%>
+<%!
+
+ /**
+ * Translate HTML tags and single and double quotes.
+ */
+ public String translateMetaCharacters(Object value)
+ {
+ if(value == null)
+ return null;
+
+ String s = String.valueOf(value);
+ String sanitizedName = s.replace("<", "<");
+ sanitizedName = sanitizedName.replace(">", ">");
+ sanitizedName = sanitizedName.replace("\"", """);
+ sanitizedName = sanitizedName.replace("\'", "'");
+ return sanitizedName;
+ }
+%>
+
<%
String error = (String)request.getAttribute("error");
String attribute = request.getParameter("attribute");
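Review bot: `translateMetaCharacters` in the added `<%! %>` declaration has no replacement for `&`, so a value that already contains entity-like text (for example `&lt;`) is written out unchanged and the browser reads it back as a different string when the form is re-submitted. Adding `s.replace("&", "&amp;")` as the first step, ahead of the other four replacements, would make the encoding complete. The replacement targets shown on this page look entity-decoded by the archive (the third one would not compile as printed), so the committed strings are presumably the HTML entities. The same method is pasted verbatim into the ten other JSPs touched by this revision; one shared helper (a statically included fragment or a utility class) would mean a later correction is made once rather than eleven times.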
@@ -60,22 +79,22 @@
<table cellspacing="2" cellpadding="2" border="0">
<tr>
<td><b>Monitor Name</b></td>
- <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>"></td>
+ <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>"></td>
<td><i>The name of the monitor and how it will be references within web console</i></td>
</tr>
<tr>
<td><b>Object Name</b></td>
- <td><input type="text" name="objectName" value="<%=objectName%>" size="35"></td>
+ <td><input type="text" name="objectName" value="<%=translateMetaCharacters(objectName)%>" size="35"></td>
<td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
</tr>
<tr>
<td><b>Attribute</b></td>
- <td><input type="text" name="attribute" value="<%=attribute%>" size="35"></td>
+ <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>" size="35"></td>
<td><i>The MBean Attribute you are monitoring</i></td>
</tr>
<tr>
<td><b>Time Period</b></td>
- <td><input type="text" name="period" size="35" value="<%=period%>"></td>
+ <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>"></td>
<td><i>How often should threshold be tested.</i></td>
</tr>
</table>
Modified: branches/Branch_5_x/console/src/resources/webconsole.war/createStringThresholdMonitor.jsp
===================================================================
--- branches/Branch_5_x/console/src/resources/webconsole.war/createStringThresholdMonitor.jsp 2009-07-17 14:40:44 UTC (rev 91373)
+++ branches/Branch_5_x/console/src/resources/webconsole.war/createStringThresholdMonitor.jsp 2009-07-17 15:01:30 UTC (rev 91374)
@@ -13,6 +13,25 @@
| Distributable under LGPL license.
| See terms of license at gnu.org.
+--%>
+<%!
+
+ /**
+ * Translate HTML tags and single and double quotes.
+ */
+ public String translateMetaCharacters(Object value)
+ {
+ if(value == null)
+ return null;
+
+ String s = String.valueOf(value);
+ String sanitizedName = s.replace("<", "<");
+ sanitizedName = sanitizedName.replace(">", ">");
+ sanitizedName = sanitizedName.replace("\"", """);
+ sanitizedName = sanitizedName.replace("\'", "'");
+ return sanitizedName;
+ }
+%>
+
<%
MBeanServer mbeanServer = MBeanServerLocator.locateJBoss();
String error = (String)request.getAttribute("error");
@@ -85,27 +104,27 @@
<table cellspacing="2" cellpadding="2" border="0">
<tr>
<td><b>Monitor Name</b></td>
- <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>"></td>
+ <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>"></td>
<td><i>The name of the monitor and how it will be references within web console</i></td>
</tr>
<tr>
<td><b>Object Name</b></td>
- <td><input type="text" name="objectName" value="<%=objectName%>" size="35"></td>
+ <td><input type="text" name="objectName" value="<%=translateMetaCharacters(objectName)%>" size="35"></td>
<td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
</tr>
<tr>
<td><b>Attribute</b></td>
- <td><input type="text" name="attribute" value="<%=attribute%>" size="35"></td>
+ <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>" size="35"></td>
<td><i>The MBean Attribute you are monitoring</i></td>
</tr>
<tr>
<td><b>Threshold</b></td>
- <td><input type="text" name="threshold" size="35" value="<%=threshold%>"></td>
+ <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>"></td>
<td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
</tr>
<tr>
<td><b>Time Period</b></td>
- <td><input type="text" name="period" size="35" value="<%=period%>"></td>
+ <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>"></td>
<td><i>How often should threshold be tested.</i></td>
</tr>
<tr>
Modified: branches/Branch_5_x/console/src/resources/webconsole.war/createStringThresholdMonitorSummary.jsp
===================================================================
--- branches/Branch_5_x/console/src/resources/webconsole.war/createStringThresholdMonitorSummary.jsp 2009-07-17 14:40:44 UTC (rev 91373)
+++ branches/Branch_5_x/console/src/resources/webconsole.war/createStringThresholdMonitorSummary.jsp 2009-07-17 15:01:30 UTC (rev 91374)
@@ -13,6 +13,25 @@
| Distributable under LGPL license.
| See terms of license at gnu.org.
+--%>
+<%!
+
+ /**
+ * Translate HTML tags and single and double quotes.
+ */
+ public String translateMetaCharacters(Object value)
+ {
+ if(value == null)
+ return null;
+
+ String s = String.valueOf(value);
+ String sanitizedName = s.replace("<", "<");
+ sanitizedName = sanitizedName.replace(">", ">");
+ sanitizedName = sanitizedName.replace("\"", """);
+ sanitizedName = sanitizedName.replace("\'", "'");
+ return sanitizedName;
+ }
+%>
+
<%
String monitorName = request.getParameter("monitorName");
if (monitorName == null) monitorName = "";
@@ -70,27 +89,27 @@
<table cellspacing="2" cellpadding="2" border="0">
<tr>
<td><b>Monitor Name</b></td>
- <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>" readonly></td>
+ <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>" readonly></td>
<td><i>The name of the monitor and how it will be references within web console</i></td>
</tr>
<tr>
<td><b>Object Name</b></td>
- <td><input type="text" name="objectName" value="<%=objectName%>" size="35" readonly></td>
+ <td><input type="text" name="objectName" value="<%=translateMetaCharacters(objectName)%>" size="35" readonly></td>
<td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
</tr>
<tr>
<td><b>Attribute</b></td>
- <td><input type="text" name="attribute" value="<%=attribute%>" size="35" readonly></td>
+ <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>" size="35" readonly></td>
<td><i>The MBean Attribute you are monitoring</i></td>
</tr>
<tr>
<td><b>Threshold</b></td>
- <td><input type="text" name="threshold" size="35" value="<%=threshold%>" readonly></td>
+ <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>" readonly></td>
<td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
</tr>
<tr>
<td><b>Time Period</b></td>
- <td><input type="text" name="period" size="35" value="<%=period%>" readonly></td>
+ <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>" readonly></td>
<td><i>How often should threshold be tested.</i></td>
</tr>
<tr>
Modified: branches/Branch_5_x/console/src/resources/webconsole.war/createThresholdMonitor.jsp
===================================================================
--- branches/Branch_5_x/console/src/resources/webconsole.war/createThresholdMonitor.jsp 2009-07-17 14:40:44 UTC (rev 91373)
+++ branches/Branch_5_x/console/src/resources/webconsole.war/createThresholdMonitor.jsp 2009-07-17 15:01:30 UTC (rev 91374)
@@ -13,6 +13,25 @@
| Distributable under LGPL license.
| See terms of license at gnu.org.
+--%>
+<%!
+
+ /**
+ * Translate HTML tags and single and double quotes.
+ */
+ public String translateMetaCharacters(Object value)
+ {
+ if(value == null)
+ return null;
+
+ String s = String.valueOf(value);
+ String sanitizedName = s.replace("<", "<");
+ sanitizedName = sanitizedName.replace(">", ">");
+ sanitizedName = sanitizedName.replace("\"", """);
+ sanitizedName = sanitizedName.replace("\'", "'");
+ return sanitizedName;
+ }
+%>
+
<%
String error = (String)request.getAttribute("error");
String monitorName = request.getParameter("monitorName");
@@ -77,27 +96,27 @@
<table cellspacing="2" cellpadding="2" border="0">
<tr>
<td><b>Monitor Name</b></td>
- <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>"></td>
+ <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>"></td>
<td><i>The name of the monitor and how it will be references within web console</i></td>
</tr>
<tr>
<td><b>Object Name</b></td>
- <td><input type="text" name="objectName" value="<%=objectName%>" size="35"></td>
+ <td><input type="text" name="objectName" value="<%=translateMetaCharacters(objectName)%>" size="35"></td>
<td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
</tr>
<tr>
<td><b>Attribute</b></td>
- <td><input type="text" name="attribute" value="<%=attribute%>" size="35"></td>
+ <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>" size="35"></td>
<td><i>The MBean Attribute you are monitoring</i></td>
</tr>
<tr>
<td><b>Threshold</b></td>
- <td><input type="text" name="threshold" size="35" value="<%=threshold%>"></td>
+ <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>"></td>
<td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
</tr>
<tr>
<td><b>Time Period</b></td>
- <td><input type="text" name="period" size="35" value="<%=period%>"></td>
+ <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>"></td>
<td><i>How often should threshold be tested.</i></td>
</tr>
<tr>
Modified: branches/Branch_5_x/console/src/resources/webconsole.war/createThresholdMonitorSummary.jsp
===================================================================
--- branches/Branch_5_x/console/src/resources/webconsole.war/createThresholdMonitorSummary.jsp 2009-07-17 14:40:44 UTC (rev 91373)
+++ branches/Branch_5_x/console/src/resources/webconsole.war/createThresholdMonitorSummary.jsp 2009-07-17 15:01:30 UTC (rev 91374)
@@ -13,6 +13,25 @@
| Distributable under LGPL license.
| See terms of license at gnu.org.
+--%>
+<%!
+
+ /**
+ * Translate HTML tags and single and double quotes.
+ */
+ public String translateMetaCharacters(Object value)
+ {
+ if(value == null)
+ return null;
+
+ String s = String.valueOf(value);
+ String sanitizedName = s.replace("<", "<");
+ sanitizedName = sanitizedName.replace(">", ">");
+ sanitizedName = sanitizedName.replace("\"", """);
+ sanitizedName = sanitizedName.replace("\'", "'");
+ return sanitizedName;
+ }
+%>
+
<%
String monitorName = request.getParameter("monitorName");
if (monitorName == null) monitorName = "";
@@ -68,27 +87,27 @@
<table cellspacing="2" cellpadding="2" border="0">
<tr>
<td><b>Monitor Name</b></td>
- <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>" readonly></td>
+ <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>" readonly></td>
<td><i>The name of the monitor and how it will be references within web console</i></td>
</tr>
<tr>
<td><b>Object Name</b></td>
- <td><input type="text" name="objectName" value="<%=objectName%>" size="35" readonly></td>
+ <td><input type="text" name="objectName" value="<%=translateMetaCharacters(objectName)%>" size="35" readonly></td>
<td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
</tr>
<tr>
<td><b>Attribute</b></td>
- <td><input type="text" name="attribute" value="<%=attribute%>" size="35" readonly></td>
+ <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>" size="35" readonly></td>
<td><i>The MBean Attribute you are monitoring</i></td>
</tr>
<tr>
<td><b>Threshold</b></td>
- <td><input type="text" name="threshold" size="35" value="<%=threshold%>" readonly></td>
+ <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>" readonly></td>
<td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
</tr>
<tr>
<td><b>Time Period</b></td>
- <td><input type="text" name="period" size="35" value="<%=period%>" readonly></td>
+ <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>" readonly></td>
<td><i>How often should threshold be tested.</i></td>
</tr>
<tr>
Modified: branches/Branch_5_x/console/src/resources/webconsole.war/listMonitors.jsp
===================================================================
--- branches/Branch_5_x/console/src/resources/webconsole.war/listMonitors.jsp 2009-07-17 14:40:44 UTC (rev 91373)
+++ branches/Branch_5_x/console/src/resources/webconsole.war/listMonitors.jsp 2009-07-17 15:01:30 UTC (rev 91374)
@@ -14,6 +14,25 @@
| Distributable under LGPL license.
| See terms of license at gnu.org.
+--%>
+<%!
+
+ /**
+ * Translate HTML tags and single and double quotes.
+ */
+ public String translateMetaCharacters(Object value)
+ {
+ if(value == null)
+ return null;
+
+ String s = String.valueOf(value);
+ String sanitizedName = s.replace("<", "<");
+ sanitizedName = sanitizedName.replace(">", ">");
+ sanitizedName = sanitizedName.replace("\"", """);
+ sanitizedName = sanitizedName.replace("\'", "'");
+ return sanitizedName;
+ }
+%>
+
<%
try
{
@@ -100,9 +119,9 @@
%>
<tr>
<td><%=status%></td>
- <td><font color="<%=color%>"><%=monitorName%></font></td>
- <td><font color="<%=color%>"><a href="<%=observedMbeanLink%>"><%=observedObject.toString()%></a></font></td>
- <td><font color="<%=color%>"><%=attribute%></font></td>
+ <td><font color="<%=color%>"><%=translateMetaCharacters(monitorName)%></font></td>
+ <td><font color="<%=color%>"><a href="<%=observedMbeanLink%>"><%=translateMetaCharacters(observedObject.toString())%></a></font></td>
+ <td><font color="<%=color%>"><%=translateMetaCharacters(attribute)%></font></td>
<td><a href="<%=link%>">manage</a></td>
</tr>
<%
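Review bot: The two `href` attributes in this row, `<%=observedMbeanLink%>` and `<%=link%>`, are still written without encoding, although the text inside the first link now goes through `translateMetaCharacters`. How those two strings are built is outside this hunk; if they embed the object name or the monitor name, a double quote in either would end the attribute early. I would wrap both, e.g. `<a href="<%=translateMetaCharacters(observedMbeanLink)%>">`, and confirm the name is URL-encoded at the point where the link is assembled.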
Modified: branches/Branch_5_x/console/src/resources/webconsole.war/manageSnapshot.jsp
===================================================================
--- branches/Branch_5_x/console/src/resources/webconsole.war/manageSnapshot.jsp 2009-07-17 14:40:44 UTC (rev 91373)
+++ branches/Branch_5_x/console/src/resources/webconsole.war/manageSnapshot.jsp 2009-07-17 15:01:30 UTC (rev 91374)
@@ -14,6 +14,25 @@
| Distributable under LGPL license.
| See terms of license at gnu.org.
+--%>
+<%!
+
+ /**
+ * Translate HTML tags and single and double quotes.
+ */
+ public String translateMetaCharacters(Object value)
+ {
+ if(value == null)
+ return null;
+
+ String s = String.valueOf(value);
+ String sanitizedName = s.replace("<", "<");
+ sanitizedName = sanitizedName.replace(">", ">");
+ sanitizedName = sanitizedName.replace("\"", """);
+ sanitizedName = sanitizedName.replace("\'", "'");
+ return sanitizedName;
+ }
+%>
+
<%
try
{
@@ -71,27 +90,27 @@
<table cellspacing="2" cellpadding="2" border="0">
<tr>
<td><b>Monitor Name</b></td>
- <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>" readonly></td>
+ <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>" readonly></td>
<td><i>The name of the monitor and how it will be references within web console</i></td>
</tr>
<tr>
<td><b>Monitor's Object Name</b></td>
- <td><input type="text" name="monitorObjectName" size="35" value="<%=monitorObjectName%>" readonly></td>
+ <td><input type="text" name="monitorObjectName" size="35" value="<%=translateMetaCharacters(monitorObjectName)%>" readonly></td>
<td><i>The MBean javax.management.ObjectName</i></td>
</tr>
<tr>
<td><b>Object Name</b></td>
- <td><input type="text" name="objectName" value="<%=observedObject.toString()%>" size="35" readonly></td>
+ <td><input type="text" name="objectName" value="<%=translateMetaCharacters(observedObject.toString())%>" size="35" readonly></td>
<td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
</tr>
<tr>
<td><b>Attribute</b></td>
- <td><input type="text" name="attribute" value="<%=attribute%>" size="35" readonly></td>
+ <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>" size="35" readonly></td>
<td><i>The MBean Attribute you are monitoring</i></td>
</tr>
<tr>
<td><b>Time Period</b></td>
- <td><input type="text" name="period" size="35" value="<%=period%>" readonly></td>
+ <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>" readonly></td>
<td><i>How often should threshold be tested.</i></td>
</tr>
</table>
Modified: branches/Branch_5_x/console/src/resources/webconsole.war/manageStringThresholdMonitor.jsp
===================================================================
--- branches/Branch_5_x/console/src/resources/webconsole.war/manageStringThresholdMonitor.jsp 2009-07-17 14:40:44 UTC (rev 91373)
+++ branches/Branch_5_x/console/src/resources/webconsole.war/manageStringThresholdMonitor.jsp 2009-07-17 15:01:30 UTC (rev 91374)
@@ -14,6 +14,25 @@
| Distributable under LGPL license.
| See terms of license at gnu.org.
+--%>
+<%!
+
+ /**
+ * Translate HTML tags and single and double quotes.
+ */
+ public String translateMetaCharacters(Object value)
+ {
+ if(value == null)
+ return null;
+
+ String s = String.valueOf(value);
+ String sanitizedName = s.replace("<", "<");
+ sanitizedName = sanitizedName.replace(">", ">");
+ sanitizedName = sanitizedName.replace("\"", """);
+ sanitizedName = sanitizedName.replace("\'", "'");
+ return sanitizedName;
+ }
+%>
+
<%
try
{
@@ -78,22 +97,22 @@
<table cellspacing="2" cellpadding="2" border="0">
<tr>
<td><b>Monitor Name</b></td>
- <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>" readonly></td>
+ <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>" readonly></td>
<td><i>The name of the monitor and how it will be references within web console</i></td>
</tr>
<tr>
<td><b>Monitor's Object Name</b></td>
- <td><input type="text" name="monitorObjectName" size="35" value="<%=monitorObjectName%>" readonly></td>
+ <td><input type="text" name="monitorObjectName" size="35" value="<%=translateMetaCharacters(monitorObjectName)%>" readonly></td>
<td><i>The MBean javax.management.ObjectName</i></td>
</tr>
<tr>
<td><b>Object Name</b></td>
- <td><input type="text" name="objectName" value="<%=observedObject.toString()%>" size="35" readonly></td>
+ <td><input type="text" name="objectName" value="<%=translateMetaCharacters(observedObject.toString())%>" size="35" readonly></td>
<td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
</tr>
<tr>
<td><b>Attribute</b></td>
- <td><input type="text" name="attribute" value="<%=attribute%>" size="35" readonly></td>
+ <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>" size="35" readonly></td>
<td><i>The MBean Attribute you are monitoring</i></td>
</tr>
<%
@@ -102,18 +121,18 @@
%>
<tr>
<td><font color="red"><b>Triggered Value</b></font></td>
- <td><input type="text" name="trigger" value="<%=triggeredValue.toString()%>" size="35" readonly></td>
+ <td><input type="text" name="trigger" value="<%=translateMetaCharacters(triggeredValue.toString())%>" size="35" readonly></td>
<td><i>The attribute value the triggered the threshold.</i></td>
</tr>
<% } %>
<tr>
<td><b>Threshold</b></td>
- <td><input type="text" name="threshold" size="35" value="<%=threshold%>"></td>
+ <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>"></td>
<td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
</tr>
<tr>
<td><b>Time Period</b></td>
- <td><input type="text" name="period" size="35" value="<%=period%>"></td>
+ <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>"></td>
<td><i>How often should threshold be tested.</i></td>
</tr>
<tr>
Modified: branches/Branch_5_x/console/src/resources/webconsole.war/manageThresholdMonitor.jsp
===================================================================
--- branches/Branch_5_x/console/src/resources/webconsole.war/manageThresholdMonitor.jsp 2009-07-17 14:40:44 UTC (rev 91373)
+++ branches/Branch_5_x/console/src/resources/webconsole.war/manageThresholdMonitor.jsp 2009-07-17 15:01:30 UTC (rev 91374)
@@ -14,6 +14,25 @@
| Distributable under LGPL license.
| See terms of license at gnu.org.
+--%>
+<%!
+
+ /**
+ * Translate HTML tags and single and double quotes.
+ */
+ public String translateMetaCharacters(Object value)
+ {
+ if(value == null)
+ return null;
+
+ String s = String.valueOf(value);
+ String sanitizedName = s.replace("<", "<");
+ sanitizedName = sanitizedName.replace(">", ">");
+ sanitizedName = sanitizedName.replace("\"", """);
+ sanitizedName = sanitizedName.replace("\'", "'");
+ return sanitizedName;
+ }
+%>
+
<%
try
{
@@ -78,22 +97,22 @@
<table cellspacing="2" cellpadding="2" border="0">
<tr>
<td><b>Monitor Name</b></td>
- <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>" readonly></td>
+ <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>" readonly></td>
<td><i>The name of the monitor and how it will be references within web console</i></td>
</tr>
<tr>
<td><b>Monitor's Object Name</b></td>
- <td><input type="text" name="monitorObjectName" size="35" value="<%=monitorObjectName%>" readonly></td>
+ <td><input type="text" name="monitorObjectName" size="35" value="<%=translateMetaCharacters(monitorObjectName)%>" readonly></td>
<td><i>The MBean javax.management.ObjectName</i></td>
</tr>
<tr>
<td><b>Object Name</b></td>
- <td><input type="text" name="objectName" value="<%=observedObject.toString()%>" size="35" readonly></td>
+ <td><input type="text" name="objectName" value="<%=translateMetaCharacters(observedObject.toString())%>" size="35" readonly></td>
<td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
</tr>
<tr>
<td><b>Attribute</b></td>
- <td><input type="text" name="attribute" value="<%=attribute%>" size="35" readonly></td>
+ <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>" size="35" readonly></td>
<td><i>The MBean Attribute you are monitoring</i></td>
</tr>
<%
@@ -102,18 +121,18 @@
%>
<tr>
<td><font color="red"><b>Triggered Value</b></font></td>
- <td><input type="text" name="trigger" value="<%=triggeredValue.toString()%>" size="35" readonly></td>
+ <td><input type="text" name="trigger" value="<%=translateMetaCharacters(triggeredValue.toString())%>" size="35" readonly></td>
<td><i>The attribute value the triggered the threshold.</i></td>
</tr>
<% } %>
<tr>
<td><b>Threshold</b></td>
- <td><input type="text" name="threshold" size="35" value="<%=threshold%>"></td>
+ <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>"></td>
<td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
</tr>
<tr>
<td><b>Time Period</b></td>
- <td><input type="text" name="period" size="35" value="<%=period%>"></td>
+ <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>"></td>
<td><i>How often should threshold be tested.</i></td>
</tr>
<tr>
Modified: branches/Branch_5_x/varia/src/resources/jmx/html/displayMBeans.jsp
===================================================================
--- branches/Branch_5_x/varia/src/resources/jmx/html/displayMBeans.jsp 2009-07-17 14:40:44 UTC (rev 91373)
+++ branches/Branch_5_x/varia/src/resources/jmx/html/displayMBeans.jsp 2009-07-17 15:01:30 UTC (rev 91374)
@@ -1,6 +1,25 @@
<?xml version="1.0"?>
<%@page contentType="text/html" import="java.net.*,java.util.*,org.jboss.jmx.adaptor.model.*,java.io.*"%>
+<%!
+
+ /**
+ * Translate HTML tags and single and double quotes.
+ */
+ public String translateMetaCharacters(Object value)
+ {
+ if(value == null)
+ return null;
+
+ String s = String.valueOf(value);
+ String sanitizedName = s.replace("<", "<");
+ sanitizedName = sanitizedName.replace(">", ">");
+ sanitizedName = sanitizedName.replace("\"", """);
+ sanitizedName = sanitizedName.replace("\'", "'");
+ return sanitizedName;
+ }
+%>
+
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%
String bindAddress = "";
@@ -75,7 +94,7 @@
for(int d = 0; d < data.length; d ++)
{
String name = data[d].getObjectName().toString();
- String properties = data[d].getNameProperties();
+ String properties = translateMetaCharacters(data[d].getNameProperties());
out.println(" <li><a href=\"HtmlAdaptor?action=inspectMBean&name="+URLEncoder.encode(name,"UTF-8")+"\">"+URLDecoder.decode(properties,"UTF-8")+"</a></li>");
}
out.println(" </ul>");
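Review bot: `properties` is escaped on the changed line but then passed through `URLDecoder.decode(properties,"UTF-8")` in the `out.println` that follows, so any percent-encoded character in the name properties is turned back into its literal form after the escaping has already run. The decode has to come first and the escape last: keep `String properties = data[d].getNameProperties();` and print `translateMetaCharacters(URLDecoder.decode(properties,"UTF-8"))` in the list item.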
Modified: branches/Branch_5_x/varia/src/resources/jmx/html/inspectMBean.jsp
===================================================================
--- branches/Branch_5_x/varia/src/resources/jmx/html/inspectMBean.jsp 2009-07-17 14:40:44 UTC (rev 91373)
+++ branches/Branch_5_x/varia/src/resources/jmx/html/inspectMBean.jsp 2009-07-17 15:01:30 UTC (rev 91374)
@@ -88,6 +88,22 @@
}
return s;
}
+
+ /**
+ * Translate HTML tags and single and double quotes.
+ */
+ public String translateMetaCharacters(Object value)
+ {
+ if(value == null)
+ return null;
+
+ String s = String.valueOf(value);
+ String sanitizedName = s.replace("<", "<");
+ sanitizedName = sanitizedName.replace(">", ">");
+ sanitizedName = sanitizedName.replace("\"", """);
+ sanitizedName = sanitizedName.replace("\'", "'");
+ return sanitizedName;
+ }
%>
@@ -163,7 +179,7 @@
while( it.hasNext() )
{
String key=(String)it.next();
- String val=(String)properties.get(key);
+ String val=translateMetaCharacters((String)properties.get(key));
out.println(" <tr><td><b>"+key+"</b></td><td>"+val+"</td></tr>");
}
%>
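Review bot: `key` is concatenated into the table row unescaped on the `out.println` line, while only `val` goes through `translateMetaCharacters`. Both come from the same `properties` map, so the key deserves the same treatment: `out.println(" <tr><td><b>"+translateMetaCharacters(key)+"</b></td><td>"+val+"</td></tr>");`.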
@@ -232,7 +248,7 @@
attrValue = fixValueForAttribute(attrValue);
if (String.valueOf(attrValue).indexOf(sep) == -1)
{
- out.print("<input type='text' size='80' name='"+attrName+"' value='"+attrValue+"' "+readonly+"/>");
+ out.print("<input type='text' size='80' name='"+attrName+"' value='"+translateMetaCharacters(attrValue)+"' "+readonly+"/>");
}
else
{
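Review bot: `attrName` is still concatenated raw into the single-quoted `name='…'` attribute on the changed `out.print` line; only `attrValue` is escaped. Because this tag is delimited with single quotes, it depends entirely on the helper's last replacement, so I would escape the name as well: `name='"+translateMetaCharacters(attrName)+"'`. The `else` branch continues past the end of the hunk, so whether `attrValue` is escaped there cannot be checked from here.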