[jboss-cvs] JBossAS SVN: r91351 - in branches/JBPAPP_4_2_0_GA_CP: varia/src/resources/jmx/html and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Jul 16 12:14:00 EDT 2009


Author: fjuma
Date: 2009-07-16 12:13:59 -0400 (Thu, 16 Jul 2009)
New Revision: 91351

Modified:
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createSnapshot.jsp
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createStringThresholdMonitor.jsp
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createStringThresholdMonitorSummary.jsp
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createThresholdMonitor.jsp
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createThresholdMonitorSummary.jsp
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/listMonitors.jsp
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageSnapshot.jsp
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageStringThresholdMonitor.jsp
   branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageThresholdMonitor.jsp
   branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/html/displayMBeans.jsp
   branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/html/inspectMBean.jsp
Log:
JBPAPP-2274: Made sure that input parameters to createSnapshot.jsp and createThresholdMonitor.jsp for the Web Console are sanitized before being displayed to the user.



Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createSnapshot.jsp
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createSnapshot.jsp	2009-07-16 16:08:30 UTC (rev 91350)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createSnapshot.jsp	2009-07-16 16:13:59 UTC (rev 91351)
@@ -13,6 +13,24 @@
  | Distributable under LGPL license.
  | See terms of license at gnu.org.
  +--%>
+<%!
+ 
+   /**
+    * Translate HTML tags and single and double quotes.
+    */
+   public String translateMetaCharacters(Object value)
+   {
+      if(value == null) 
+         return null;
+   	  
+      String s = String.valueOf(value);   
+      String sanitizedName = s.replace("<", "&lt;");
+      sanitizedName = sanitizedName.replace(">", "&gt;");
+      sanitizedName = sanitizedName.replace("\"", "&quot;");
+      sanitizedName = sanitizedName.replace("\'", "&apos;");
+      return sanitizedName;
+   }
+%>
 <%
    String error = (String)request.getAttribute("error");
    String attribute = request.getParameter("attribute");
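Review bot: The translateMetaCharacters declaration added on the `+` lines never escapes `&` and emits `&apos;`, which is an XML entity rather than an HTML 4.01 one, so the output is not a faithful encoding: input that already contains entity text is rendered as the characters it names, and HTML parsers that do not know `&apos;` display it literally. Replace the ampersand first and use the numeric form for the single quote: `String sanitizedName = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");` followed by `return sanitizedName.replace("\"", "&quot;").replace("\'", "&#39;");`. The same declaration is pasted verbatim into createStringThresholdMonitor.jsp, createStringThresholdMonitorSummary.jsp, createThresholdMonitor.jsp, createThresholdMonitorSummary.jsp, listMonitors.jsp, manageSnapshot.jsp, manageStringThresholdMonitor.jsp, manageThresholdMonitor.jsp, displayMBeans.jsp and inspectMBean.jsp, so any correction has to be made ten times; a single helper class in the console module (or a tag file) would keep the copies from drifting. The Javadoc on the helper should also say what it is for, e.g. `Escapes a value for safe output as HTML text or as a quoted attribute value; returns null for null.`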
@@ -60,22 +78,22 @@
 <table cellspacing="2" cellpadding="2" border="0">
 <tr>
     <td><b>Monitor Name</b></td>
-    <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>"></td>
+    <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>"></td>
     <td><i>The name of the monitor and how it will be references within web console</i></td>
 </tr>
 <tr>
     <td><b>Object Name</b></td>
-    <td><input type="text" name="objectName" value="<%=objectName%>" size="35"></td>
+    <td><input type="text" name="objectName" value="<%=translateMetaCharacters(objectName)%>" size="35"></td>
     <td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Attribute</b></td>
-    <td><input type="text" name="attribute" value="<%=attribute%>"  size="35"></td>
+    <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>"  size="35"></td>
     <td><i>The MBean Attribute you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Time Period</b></td>
-    <td><input type="text" name="period" size="35" value="<%=period%>"></td>
+    <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>"></td>
     <td><i>How often should threshold be tested.</i></td>
 </tr>
 </table>

Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createStringThresholdMonitor.jsp
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createStringThresholdMonitor.jsp	2009-07-16 16:08:30 UTC (rev 91350)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createStringThresholdMonitor.jsp	2009-07-16 16:13:59 UTC (rev 91351)
@@ -13,6 +13,24 @@
  | Distributable under LGPL license.
  | See terms of license at gnu.org.
  +--%>
+<%!
+
+   /**
+    * Translate HTML tags and single and double quotes.
+    */
+   public String translateMetaCharacters(Object value)
+   {
+      if(value == null) 
+         return null;
+   	  
+      String s = String.valueOf(value);   
+      String sanitizedName = s.replace("<", "&lt;");
+      sanitizedName = sanitizedName.replace(">", "&gt;");
+      sanitizedName = sanitizedName.replace("\"", "&quot;");
+      sanitizedName = sanitizedName.replace("\'", "&apos;");
+      return sanitizedName;
+   }
+%>  
 <%
    MBeanServer mbeanServer = MBeanServerLocator.locateJBoss();
    String error = (String)request.getAttribute("error");
@@ -85,27 +103,27 @@
 <table cellspacing="2" cellpadding="2" border="0">
 <tr>
     <td><b>Monitor Name</b></td>
-    <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>"></td>
+    <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>"></td>
     <td><i>The name of the monitor and how it will be references within web console</i></td>
 </tr>
 <tr>
     <td><b>Object Name</b></td>
-    <td><input type="text" name="objectName" value="<%=objectName%>" size="35"></td>
+    <td><input type="text" name="objectName" value="<%=translateMetaCharacters(objectName)%>" size="35"></td>
     <td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Attribute</b></td>
-    <td><input type="text" name="attribute" value="<%=attribute%>"  size="35"></td>
+    <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>"  size="35"></td>
     <td><i>The MBean Attribute you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Threshold</b></td>
-    <td><input type="text" name="threshold" size="35" value="<%=threshold%>"></td>
+    <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>"></td>
     <td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
 </tr>
 <tr>
     <td><b>Time Period</b></td>
-    <td><input type="text" name="period" size="35" value="<%=period%>"></td>
+    <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>"></td>
     <td><i>How often should threshold be tested.</i></td>
 </tr>
 <tr>

Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createStringThresholdMonitorSummary.jsp
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createStringThresholdMonitorSummary.jsp	2009-07-16 16:08:30 UTC (rev 91350)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createStringThresholdMonitorSummary.jsp	2009-07-16 16:13:59 UTC (rev 91351)
@@ -13,6 +13,24 @@
  | Distributable under LGPL license.
  | See terms of license at gnu.org.
  +--%>
+<%!
+
+   /**
+    * Translate HTML tags and single and double quotes.
+    */
+   public String translateMetaCharacters(Object value)
+   {
+      if(value == null) 
+         return null;
+   	  
+      String s = String.valueOf(value);   
+      String sanitizedName = s.replace("<", "&lt;");
+      sanitizedName = sanitizedName.replace(">", "&gt;");
+      sanitizedName = sanitizedName.replace("\"", "&quot;");
+      sanitizedName = sanitizedName.replace("\'", "&apos;");
+      return sanitizedName;
+   }
+%>  
 <%
    String monitorName = request.getParameter("monitorName");
    if (monitorName == null) monitorName = "";
@@ -70,27 +88,27 @@
 <table cellspacing="2" cellpadding="2" border="0">
 <tr>
     <td><b>Monitor Name</b></td>
-    <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>" readonly></td>
+    <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>" readonly></td>
     <td><i>The name of the monitor and how it will be references within web console</i></td>
 </tr>
 <tr>
     <td><b>Object Name</b></td>
-    <td><input type="text" name="objectName" value="<%=objectName%>" size="35" readonly></td>
+    <td><input type="text" name="objectName" value="<%=translateMetaCharacters(objectName)%>" size="35" readonly></td>
     <td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Attribute</b></td>
-    <td><input type="text" name="attribute" value="<%=attribute%>"  size="35" readonly></td>
+    <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>"  size="35" readonly></td>
     <td><i>The MBean Attribute you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Threshold</b></td>
-    <td><input type="text" name="threshold" size="35" value="<%=threshold%>" readonly></td>
+    <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>" readonly></td>
     <td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
 </tr>
 <tr>
     <td><b>Time Period</b></td>
-    <td><input type="text" name="period" size="35" value="<%=period%>" readonly></td>
+    <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>" readonly></td>
     <td><i>How often should threshold be tested.</i></td>
 </tr>
 <tr>

Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createThresholdMonitor.jsp
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createThresholdMonitor.jsp	2009-07-16 16:08:30 UTC (rev 91350)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createThresholdMonitor.jsp	2009-07-16 16:13:59 UTC (rev 91351)
@@ -13,6 +13,24 @@
  | Distributable under LGPL license.
  | See terms of license at gnu.org.
  +--%>
+<%!
+
+   /**
+    * Translate HTML tags and single and double quotes.
+    */
+   public String translateMetaCharacters(Object value)
+   {
+      if(value == null) 
+         return null;
+   	  
+      String s = String.valueOf(value);   
+      String sanitizedName = s.replace("<", "&lt;");
+      sanitizedName = sanitizedName.replace(">", "&gt;");
+      sanitizedName = sanitizedName.replace("\"", "&quot;");
+      sanitizedName = sanitizedName.replace("\'", "&apos;");
+      return sanitizedName;
+   }
+%> 
 <%
    String error = (String)request.getAttribute("error");
    String monitorName = request.getParameter("monitorName");
@@ -77,27 +95,27 @@
 <table cellspacing="2" cellpadding="2" border="0">
 <tr>
     <td><b>Monitor Name</b></td>
-    <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>"></td>
+    <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>"></td>
     <td><i>The name of the monitor and how it will be references within web console</i></td>
 </tr>
 <tr>
     <td><b>Object Name</b></td>
-    <td><input type="text" name="objectName" value="<%=objectName%>" size="35"></td>
+    <td><input type="text" name="objectName" value="<%=translateMetaCharacters(objectName)%>" size="35"></td>
     <td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Attribute</b></td>
-    <td><input type="text" name="attribute" value="<%=attribute%>"  size="35"></td>
+    <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>"  size="35"></td>
     <td><i>The MBean Attribute you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Threshold</b></td>
-    <td><input type="text" name="threshold" size="35" value="<%=threshold%>"></td>
+    <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>"></td>
     <td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
 </tr>
 <tr>
     <td><b>Time Period</b></td>
-    <td><input type="text" name="period" size="35" value="<%=period%>"></td>
+    <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>"></td>
     <td><i>How often should threshold be tested.</i></td>
 </tr>
 <tr>

Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createThresholdMonitorSummary.jsp
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createThresholdMonitorSummary.jsp	2009-07-16 16:08:30 UTC (rev 91350)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/createThresholdMonitorSummary.jsp	2009-07-16 16:13:59 UTC (rev 91351)
@@ -13,6 +13,24 @@
  | Distributable under LGPL license.
  | See terms of license at gnu.org.
  +--%>
+<%!
+ 
+   /**
+    * Translate HTML tags and single and double quotes.
+    */
+   public String translateMetaCharacters(Object value)
+   {
+      if(value == null) 
+         return null;
+   	  
+      String s = String.valueOf(value);   
+      String sanitizedName = s.replace("<", "&lt;");
+      sanitizedName = sanitizedName.replace(">", "&gt;");
+      sanitizedName = sanitizedName.replace("\"", "&quot;");
+      sanitizedName = sanitizedName.replace("\'", "&apos;");
+      return sanitizedName;
+   }
+%> 
 <%
    String monitorName = request.getParameter("monitorName");
    if (monitorName == null) monitorName = "";
@@ -68,27 +86,27 @@
 <table cellspacing="2" cellpadding="2" border="0">
 <tr>
     <td><b>Monitor Name</b></td>
-    <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>" readonly></td>
+    <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>" readonly></td>
     <td><i>The name of the monitor and how it will be references within web console</i></td>
 </tr>
 <tr>
     <td><b>Object Name</b></td>
-    <td><input type="text" name="objectName" value="<%=objectName%>" size="35" readonly></td>
+    <td><input type="text" name="objectName" value="<%=translateMetaCharacters(objectName)%>" size="35" readonly></td>
     <td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Attribute</b></td>
-    <td><input type="text" name="attribute" value="<%=attribute%>"  size="35" readonly></td>
+    <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>"  size="35" readonly></td>
     <td><i>The MBean Attribute you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Threshold</b></td>
-    <td><input type="text" name="threshold" size="35" value="<%=threshold%>" readonly></td>
+    <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>" readonly></td>
     <td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
 </tr>
 <tr>
     <td><b>Time Period</b></td>
-    <td><input type="text" name="period" size="35" value="<%=period%>" readonly></td>
+    <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>" readonly></td>
     <td><i>How often should threshold be tested.</i></td>
 </tr>
 <tr>

Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/listMonitors.jsp
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/listMonitors.jsp	2009-07-16 16:08:30 UTC (rev 91350)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/listMonitors.jsp	2009-07-16 16:13:59 UTC (rev 91351)
@@ -14,6 +14,24 @@
  | Distributable under LGPL license.
  | See terms of license at gnu.org.
  +--%>
+ <%!
+
+   /**
+    * Translate HTML tags and single and double quotes.
+    */
+   public String translateMetaCharacters(Object value)
+   {
+      if(value == null) 
+         return null;
+   	  
+      String s = String.valueOf(value);   
+      String sanitizedName = s.replace("<", "&lt;");
+      sanitizedName = sanitizedName.replace(">", "&gt;");
+      sanitizedName = sanitizedName.replace("\"", "&quot;");
+      sanitizedName = sanitizedName.replace("\'", "&apos;");
+      return sanitizedName;
+   }
+%>
 <%
 try
 {
@@ -100,9 +118,9 @@
 %>
 <tr>
     <td><%=status%></td>
-    <td><font color="<%=color%>"><%=monitorName%></font></td>
-    <td><font color="<%=color%>"><a href="<%=observedMbeanLink%>"><%=observedObject.toString()%></a></font></td>
-    <td><font color="<%=color%>"><%=attribute%></font></td>
+    <td><font color="<%=color%>"><%=translateMetaCharacters(monitorName)%></font></td>
+    <td><font color="<%=color%>"><a href="<%=observedMbeanLink%>"><%=translateMetaCharacters(observedObject.toString())%></a></font></td>
+    <td><font color="<%=color%>"><%=translateMetaCharacters(attribute)%></font></td>
     <td><a href="<%=link%>">manage</a></td>
 </tr>
 <%
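Review bot: The three rewritten cells escape the text nodes but leave `color`, `observedMbeanLink` and `link` raw inside attributes on the same lines, and `status` on the unchanged cell above them; if any of these is derived from monitorName or the observed ObjectName (they are assigned outside the hunk, so this is inferred), a quote in the value still terminates the attribute. Wrapping them the same way, `<td><font color="<%=translateMetaCharacters(color)%>">` and `<a href="<%=translateMetaCharacters(observedMbeanLink)%>">` / `<a href="<%=translateMetaCharacters(link)%>">`, keeps the escaping uniform; for the href values, URL-encoding each query component where the link is assembled is the more precise fix. The enclosing loop begins before and ends after this hunk.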

Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageSnapshot.jsp
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageSnapshot.jsp	2009-07-16 16:08:30 UTC (rev 91350)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageSnapshot.jsp	2009-07-16 16:13:59 UTC (rev 91351)
@@ -14,6 +14,24 @@
  | Distributable under LGPL license.
  | See terms of license at gnu.org.
  +--%>
+<%!
+   
+   /**
+    * Translate HTML tags and single and double quotes.
+    */
+   public String translateMetaCharacters(Object value)
+   {
+      if(value == null) 
+   	     return null;
+   	  
+      String s = String.valueOf(value);   
+      String sanitizedName = s.replace("<", "&lt;");
+      sanitizedName = sanitizedName.replace(">", "&gt;");
+      sanitizedName = sanitizedName.replace("\"", "&quot;");
+      sanitizedName = sanitizedName.replace("\'", "&apos;");
+      return sanitizedName;
+   }
+%>
 <%
 try
 {
@@ -67,31 +85,31 @@
    }
 %>
 <form action="ManageSnapshot" method="post">
-<input type="hidden" name="monitorObjectName" value="<%=moname.toString()%>">
+<input type="hidden" name="monitorObjectName" value="<%=translateMetaCharacters(moname.toString())%>">
 <table cellspacing="2" cellpadding="2" border="0">
 <tr>
     <td><b>Monitor Name</b></td>
-    <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>" readonly></td>
+    <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>" readonly></td>
     <td><i>The name of the monitor and how it will be references within web console</i></td>
 </tr>
 <tr>
     <td><b>Monitor's Object Name</b></td>
-    <td><input type="text" name="monitorObjectName" size="35" value="<%=monitorObjectName%>" readonly></td>
+    <td><input type="text" name="monitorObjectName" size="35" value="<%=translateMetaCharacters(monitorObjectName)%>" readonly></td>
     <td><i>The MBean javax.management.ObjectName</i></td>
 </tr>
 <tr>
     <td><b>Object Name</b></td>
-    <td><input type="text" name="objectName" value="<%=observedObject.toString()%>" size="35" readonly></td>
+    <td><input type="text" name="objectName" value="<%=translateMetaCharacters(observedObject.toString())%>" size="35" readonly></td>
     <td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Attribute</b></td>
-    <td><input type="text" name="attribute" value="<%=attribute%>"  size="35" readonly></td>
+    <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>"  size="35" readonly></td>
     <td><i>The MBean Attribute you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Time Period</b></td>
-    <td><input type="text" name="period" size="35" value="<%=period%>" readonly></td>
+    <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>" readonly></td>
     <td><i>How often should threshold be tested.</i></td>
 </tr>
 </table>

Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageStringThresholdMonitor.jsp
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageStringThresholdMonitor.jsp	2009-07-16 16:08:30 UTC (rev 91350)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageStringThresholdMonitor.jsp	2009-07-16 16:13:59 UTC (rev 91351)
@@ -14,6 +14,24 @@
  | Distributable under LGPL license.
  | See terms of license at gnu.org.
  +--%>
+<%!
+
+   /**
+    * Translate HTML tags and single and double quotes.
+    */
+   public String translateMetaCharacters(Object value)
+   {
+      if(value == null) 
+   	     return null;
+   	  
+      String s = String.valueOf(value);   
+      String sanitizedName = s.replace("<", "&lt;");
+      sanitizedName = sanitizedName.replace(">", "&gt;");
+      sanitizedName = sanitizedName.replace("\"", "&quot;");
+      sanitizedName = sanitizedName.replace("\'", "&apos;");
+      return sanitizedName;
+   }
+%>   
 <%
 try
 {
@@ -78,22 +96,22 @@
 <table cellspacing="2" cellpadding="2" border="0">
 <tr>
     <td><b>Monitor Name</b></td>
-    <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>" readonly></td>
+    <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>" readonly></td>
     <td><i>The name of the monitor and how it will be references within web console</i></td>
 </tr>
 <tr>
     <td><b>Monitor's Object Name</b></td>
-    <td><input type="text" name="monitorObjectName" size="35" value="<%=monitorObjectName%>" readonly></td>
+    <td><input type="text" name="monitorObjectName" size="35" value="<%=translateMetaCharacters(monitorObjectName)%>" readonly></td>
     <td><i>The MBean javax.management.ObjectName</i></td>
 </tr>
 <tr>
     <td><b>Object Name</b></td>
-    <td><input type="text" name="objectName" value="<%=observedObject.toString()%>" size="35" readonly></td>
+    <td><input type="text" name="objectName" value="<%=translateMetaCharacters(observedObject.toString())%>" size="35" readonly></td>
     <td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Attribute</b></td>
-    <td><input type="text" name="attribute" value="<%=attribute%>"  size="35" readonly></td>
+    <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>"  size="35" readonly></td>
     <td><i>The MBean Attribute you are monitoring</i></td>
 </tr>
 <%
@@ -102,18 +120,18 @@
 %>
 <tr>
     <td><font color="red"><b>Triggered Value</b></font></td>
-    <td><input type="text" name="trigger" value="<%=triggeredValue.toString()%>" size="35" readonly></td>
+    <td><input type="text" name="trigger" value="<%=translateMetaCharacters(triggeredValue.toString())%>" size="35" readonly></td>
     <td><i>The attribute value the triggered the threshold.</i></td>
 </tr>
 <% } %>
 <tr>
     <td><b>Threshold</b></td>
-    <td><input type="text" name="threshold" size="35" value="<%=threshold%>"></td>
+    <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>"></td>
     <td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
 </tr>
 <tr>
     <td><b>Time Period</b></td>
-    <td><input type="text" name="period" size="35" value="<%=period%>"></td>
+    <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>"></td>
     <td><i>How often should threshold be tested.</i></td>
 </tr>
 <tr>

Modified: branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageThresholdMonitor.jsp
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageThresholdMonitor.jsp	2009-07-16 16:08:30 UTC (rev 91350)
+++ branches/JBPAPP_4_2_0_GA_CP/console/src/resources/webconsole.war/manageThresholdMonitor.jsp	2009-07-16 16:13:59 UTC (rev 91351)
@@ -14,6 +14,24 @@
  | Distributable under LGPL license.
  | See terms of license at gnu.org.
  +--%>
+<%!
+
+   /**
+    * Translate HTML tags and single and double quotes.
+    */
+   public String translateMetaCharacters(Object value)
+   {
+      if(value == null) 
+   	     return null;
+   	  
+      String s = String.valueOf(value);   
+      String sanitizedName = s.replace("<", "&lt;");
+      sanitizedName = sanitizedName.replace(">", "&gt;");
+      sanitizedName = sanitizedName.replace("\"", "&quot;");
+      sanitizedName = sanitizedName.replace("\'", "&apos;");
+      return sanitizedName;
+   }
+%>    
 <%
 try
 {
@@ -78,22 +96,22 @@
 <table cellspacing="2" cellpadding="2" border="0">
 <tr>
     <td><b>Monitor Name</b></td>
-    <td><input type="text" name="monitorName" size="35" value="<%=monitorName%>" readonly></td>
+    <td><input type="text" name="monitorName" size="35" value="<%=translateMetaCharacters(monitorName)%>" readonly></td>
     <td><i>The name of the monitor and how it will be references within web console</i></td>
 </tr>
 <tr>
     <td><b>Monitor's Object Name</b></td>
-    <td><input type="text" name="monitorObjectName" size="35" value="<%=monitorObjectName%>" readonly></td>
+    <td><input type="text" name="monitorObjectName" size="35" value="<%=translateMetaCharacters(monitorObjectName)%>" readonly></td>
     <td><i>The MBean javax.management.ObjectName</i></td>
 </tr>
 <tr>
     <td><b>Object Name</b></td>
-    <td><input type="text" name="objectName" value="<%=observedObject.toString()%>" size="35" readonly></td>
+    <td><input type="text" name="objectName" value="<%=translateMetaCharacters(observedObject.toString())%>" size="35" readonly></td>
     <td><i>The MBean javax.management.ObjectName of the MBean you are monitoring</i></td>
 </tr>
 <tr>
     <td><b>Attribute</b></td>
-    <td><input type="text" name="attribute" value="<%=attribute%>"  size="35" readonly></td>
+    <td><input type="text" name="attribute" value="<%=translateMetaCharacters(attribute)%>"  size="35" readonly></td>
     <td><i>The MBean Attribute you are monitoring</i></td>
 </tr>
 <%
@@ -102,18 +120,18 @@
 %>
 <tr>
     <td><font color="red"><b>Triggered Value</b></font></td>
-    <td><input type="text" name="trigger" value="<%=triggeredValue.toString()%>" size="35" readonly></td>
+    <td><input type="text" name="trigger" value="<%=translateMetaCharacters(triggeredValue.toString())%>" size="35" readonly></td>
     <td><i>The attribute value the triggered the threshold.</i></td>
 </tr>
 <% } %>
 <tr>
     <td><b>Threshold</b></td>
-    <td><input type="text" name="threshold" size="35" value="<%=threshold%>"></td>
+    <td><input type="text" name="threshold" size="35" value="<%=translateMetaCharacters(threshold)%>"></td>
     <td><i>The value that will trigger an alert when the Comparison Equation is reached for the attribute value</i></td>
 </tr>
 <tr>
     <td><b>Time Period</b></td>
-    <td><input type="text" name="period" size="35" value="<%=period%>"></td>
+    <td><input type="text" name="period" size="35" value="<%=translateMetaCharacters(period)%>"></td>
     <td><i>How often should threshold be tested.</i></td>
 </tr>
 <tr>

Modified: branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/html/displayMBeans.jsp
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/html/displayMBeans.jsp	2009-07-16 16:08:30 UTC (rev 91350)
+++ branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/html/displayMBeans.jsp	2009-07-16 16:13:59 UTC (rev 91351)
@@ -1,6 +1,24 @@
 <%@page contentType="text/html"
    import="java.net.*,java.util.*,org.jboss.jmx.adaptor.model.*,java.io.*"
 %>
+<%!
+
+   /**
+    * Translate HTML tags and single and double quotes.
+    */
+   public String translateMetaCharacters(Object value)
+   {
+      if(value == null) 
+         return null;
+   	  
+      String s = String.valueOf(value);   
+      String sanitizedName = s.replace("<", "&lt;");
+      sanitizedName = sanitizedName.replace(">", "&gt;");
+      sanitizedName = sanitizedName.replace("\"", "&quot;");
+      sanitizedName = sanitizedName.replace("\'", "&apos;");
+      return sanitizedName;
+   }
+%>
 <html>
 <head>
    <title>JBoss JMX Management Console</title>
@@ -50,7 +68,8 @@
       for(int d = 0; d < data.length; d ++)
       {
          String name = data[d].getObjectName().toString();
-         String properties = data[d].getNameProperties();
+         String properties = translateMetaCharacters(data[d].getNameProperties());
+      	
 %>
       <li><a href="HtmlAdaptor?action=inspectMBean&name=<%= URLEncoder.encode(name) %>"><%= URLDecoder.decode(properties) %></a></li>
 <%
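Review bot: The escaping on the new `String properties = ...` line runs before the `URLDecoder.decode(properties)` on the output line, so a percent-encoded character such as `%3C` passes translateMetaCharacters untouched and is decoded into a literal `<` at the moment it is written to the page. Decode first and escape last: `String properties = translateMetaCharacters(URLDecoder.decode(data[d].getNameProperties(), "UTF-8"));` with the anchor text reduced to `<%= properties %>`. The one-argument `URLDecoder.decode` used here also relies on the platform default charset, which the two-argument form avoids. The surrounding for loop continues outside the hunk.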

Modified: branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/html/inspectMBean.jsp
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/html/inspectMBean.jsp	2009-07-16 16:08:30 UTC (rev 91350)
+++ branches/JBPAPP_4_2_0_GA_CP/varia/src/resources/jmx/html/inspectMBean.jsp	2009-07-16 16:13:59 UTC (rev 91351)
@@ -22,6 +22,22 @@
       sname = name.replace("\'", "&apos;");
       return sname;
    }
+   
+   /**
+    * Translate HTML tags and single and double quotes.
+    */
+   public String translateMetaCharacters(Object value)
+   {
+      if(value == null) 
+         return null;
+   	  
+      String s = String.valueOf(value);   
+      String sanitizedName = s.replace("<", "&lt;");
+      sanitizedName = sanitizedName.replace(">", "&gt;");
+      sanitizedName = sanitizedName.replace("\"", "&quot;");
+      sanitizedName = sanitizedName.replace("\'", "&apos;");
+      return sanitizedName;
+   }
 %>
 <html>
 <head>
@@ -68,7 +84,8 @@
    while( it.hasNext() )
    {
       String key = (String) it.next();
-      String value = (String) properties.get( key );
+      String value = translateMetaCharacters((String) properties.get( key ));
+      
 %>
       <tr><td></td><td><b><%= key %>: </b></td><td><%= value %></td></tr>
 <%
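Review bot: Only the value side of the property row is escaped; `key` on the unchanged output line below the new one is still written raw into `<b><%= key %>: </b>`, and since it is a key of the same `properties` map as the value (the map is filled outside the hunk, presumably from the inspected ObjectName), it deserves the same treatment: `<tr><td></td><td><b><%= translateMetaCharacters(key) %>: </b></td><td><%= value %></td></tr>`. In the later hunk of this file, `avalue` may already have been passed through quoteName(), which entity-encodes quotes; translateMetaCharacters applied on top avoids double-encoding only because it leaves `&` alone, so if the helper is ever made to escape `&`, escape once, at output. The while loop body continues outside the hunk.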
@@ -156,7 +173,7 @@
             if( attrType.equals("javax.management.ObjectName") )
                avalue = quoteName(avalue);
 %>
-          <input type="text" name="<%= attrName %>" value='<%= avalue %>' <%= readonly %>>
+          <input type="text" name="<%= attrName %>" value='<%= translateMetaCharacters(avalue) %>' <%= readonly %>>
 
 <%
          }



