[jboss-cvs] JBossAS SVN: r77030 - trunk/varia/src/main/org/jboss/jmx/adaptor/html.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Aug 13 15:48:27 EDT 2008


Author: csaldanh
Date: 2008-08-13 15:48:26 -0400 (Wed, 13 Aug 2008)
New Revision: 77030

Modified:
   trunk/varia/src/main/org/jboss/jmx/adaptor/html/HtmlAdaptorServlet.java
Log:
JBAS-5855: Fix for XSS in jmx-console


Modified: trunk/varia/src/main/org/jboss/jmx/adaptor/html/HtmlAdaptorServlet.java
===================================================================
--- trunk/varia/src/main/org/jboss/jmx/adaptor/html/HtmlAdaptorServlet.java	2008-08-13 19:30:39 UTC (rev 77029)
+++ trunk/varia/src/main/org/jboss/jmx/adaptor/html/HtmlAdaptorServlet.java	2008-08-13 19:48:26 UTC (rev 77030)
@@ -172,6 +172,9 @@
          filter = "";
       }
 
+      //Change "<" and ">" to "&lt;" and "&gt;" in filter string
+      filter = translateMetaCharacters(filter);
+
       // update request filter and store filter in session context,
       // so it can be used when no filter has been submitted in
       // current request
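Review bot: The filter is HTML-escaped before it is stored in the session, so the stored value is the encoded form rather than what the user submitted. Any use of the filter other than writing it into HTML would then see `&lt;` and `&gt;`; the code that applies the filter lies outside this hunk, so this should be checked. Escaping where the view writes the filter out would keep the stored value raw and cover every place it is rendered. If the call stays here, the comment should record that assumption, e.g. `// HTML-escape here because the view prints the filter as-is; the session copy is already encoded`.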
@@ -329,5 +332,14 @@
       argList.toArray(args);
       return args;
    }
+
+   /** Translate html metacharacters in filter string only '<' and '>'
+   */
+   private String translateMetaCharacters(String s)
+   {
+     s = s.replaceAll("<","&lt;");
+     s = s.replaceAll(">","&gt;");
+     return s;
+   }
 }
 
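Review bot: translateMetaCharacters escapes only `<` and `>`, so `"`, `'` and `&` pass through unchanged. If the view writes the filter into a quoted HTML attribute, the value is still not safely encoded; where the filter is rendered is not visible in this diff and should be confirmed. An HTML-escaping helper should cover all five characters, with `&` handled first so the entities it produces are not escaped again. `replaceAll` also treats its first argument as a regular expression, whereas `replace` does the literal substitution intended here. The Javadoc should then list the characters handled instead of saying "only '<' and '>'".

```java
   private String translateMetaCharacters(String s)
   {
     // '&' first, so the entities produced below are not escaped a second time
     s = s.replace("&", "&amp;");
     s = s.replace("<", "&lt;");
     s = s.replace(">", "&gt;");
     s = s.replace("\"", "&quot;");
     s = s.replace("'", "&#39;");
     return s;
   }
```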



