ASF Bugzilla – Attachment 13896 Details for Bug 32953: SERVLETAPI: XSS Issues
[patch] Patch for XSS issues
xss.patch (text/plain), 5.23 KB, created by Mark Thomas on 2005-01-05 12:25:19 UTC
Flags: patch, obsolete
>Index: jsr152/examples/jsp2/el/functions.jsp >=================================================================== >RCS file: /home/cvs/jakarta-servletapi-5/jsr152/examples/jsp2/el/functions.jsp,v >retrieving revision 1.4 >diff -u -r1.4 functions.jsp >--- jsr152/examples/jsp2/el/functions.jsp 18 Mar 2004 16:40:30 -0000 1.4 >+++ jsr152/examples/jsp2/el/functions.jsp 20 Nov 2004 19:02:46 -0000 >@@ -13,6 +13,7 @@ > See the License for the specific language governing permissions and > limitations under the License. > --> >+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> > <%@ taglib prefix="my" uri="http://jakarta.apache.org/tomcat/jsp2-example-taglib"%> > > <html> >@@ -30,7 +31,7 @@ > <blockquote> > <u><b>Change Parameter</b></u> > <form action="functions.jsp" method="GET"> >- foo = <input type="text" name="foo" value="${param['foo']}"> >+ foo = <input type="text" name="foo" value="${fn:escapeXml(param["foo"])}"> > <input type="submit"> > </form> > <br> 
>@@ -42,19 +43,19 @@ > </thead> > <tr> > <td>\${param["foo"]}</td> >- <td>${param["foo"]} </td> >+ <td>${fn:escapeXml(param["foo"])} </td> > </tr> > <tr> > <td>\${my:reverse(param["foo"])}</td> >- <td>${my:reverse(param["foo"])} </td> >+ <td>${my:reverse(fn:escapeXml(param["foo"]))} </td> > </tr> > <tr> > <td>\${my:reverse(my:reverse(param["foo"]))}</td> >- <td>${my:reverse(my:reverse(param["foo"]))} </td> >+ <td>${my:reverse(my:reverse(fn:escapeXml(param["foo"])))} </td> > </tr> > <tr> > <td>\${my:countVowels(param["foo"])}</td> >- <td>${my:countVowels(param["foo"])} </td> >+ <td>${my:countVowels(fn:escapeXml(param["foo"]))} </td> > </tr> > </table> > </code> >Index: jsr152/examples/jsp2/el/implicit-objects.jsp >=================================================================== >RCS file: /home/cvs/jakarta-servletapi-5/jsr152/examples/jsp2/el/implicit-objects.jsp,v >retrieving revision 1.3 >diff -u -r1.3 implicit-objects.jsp >--- jsr152/examples/jsp2/el/implicit-objects.jsp 18 Mar 2004 16:40:30 -0000 1.3 >+++ jsr152/examples/jsp2/el/implicit-objects.jsp 20 Nov 2004 19:04:08 -0000 >@@ -13,6 +13,8 @@ > See the License for the specific language governing permissions and > limitations under the License. > --> >+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> >+ > <html> > <head> > <title>JSP 2.0 Expression Language - Implicit Objects</title> >@@ -49,7 +51,7 @@ > <blockquote> > <u><b>Change Parameter</b></u> > <form action="implicit-objects.jsp" method="GET"> >- foo = <input type="text" name="foo" value="${param["foo"]}"> >+ foo = <input type="text" name="foo" value="${fn:escapeXml(param["foo"])}"> > <input type="submit"> > </form> > <br> 
>@@ -61,11 +63,11 @@ > </thead> > <tr> > <td>\${param.foo}</td> >- <td>${param.foo} </td> >+ <td>${fn:escapeXml(param["foo"])} </td> > </tr> > <tr> > <td>\${param["foo"]}</td> >- <td>${param["foo"]} </td> >+ <td>${fn:escapeXml(param["foo"])} </td> > </tr> > <tr> > <td>\${header["host"]}</td> >Index: jsr152/examples/jsp2/jspx/textRotate.jspx >=================================================================== >RCS file: /home/cvs/jakarta-servletapi-5/jsr152/examples/jsp2/jspx/textRotate.jspx,v >retrieving revision 1.3 >diff -u -r1.3 textRotate.jspx >--- jsr152/examples/jsp2/jspx/textRotate.jspx 21 Nov 2003 22:06:02 -0000 1.3 >+++ jsr152/examples/jsp2/jspx/textRotate.jspx 20 Nov 2004 19:54:12 -0000 >@@ -6,11 +6,12 @@ > <svg xmlns="http://www.w3.org/2000/svg" > width="450" height="500" viewBox="0 0 450 500" > xmlns:c="http://java.sun.com/jsp/jstl/core" >+ xmlns:fn="http://java.sun.com/jsp/jstl/functions" > xmlns:jsp="http://java.sun.com/JSP/Page"> > <jsp:directive.page contentType="image/svg+xml" /> > <title>JSP 2.0 JSPX</title> > <!-- select name parameter, or default to JSPX --> >- <c:set var="name" value='${empty param["name"] ? "JSPX" : param["name"]}'/> >+ <c:set var="name" value='${empty fn:escapeXml(param["name"]) ? "JSPX" : fn:escapeXml(param["name"])}'/> > <g id="testContent"> > <text class="title" x="50%" y="10%" font-size="15" text-anchor="middle" > > JSP 2.0 XML Syntax (.jspx) Demo</text> >Index: jsr152/examples/snp/snoop.jsp >=================================================================== >RCS file: /home/cvs/jakarta-servletapi-5/jsr152/examples/snp/snoop.jsp,v >retrieving revision 1.2 >diff -u -r1.2 snoop.jsp >--- jsr152/examples/snp/snoop.jsp 18 Mar 2004 16:40:31 -0000 1.2 >+++ jsr152/examples/snp/snoop.jsp 5 Jan 2005 11:15:06 -0000 
>@@ -18,7 +18,7 @@ > <body bgcolor="white"> > <h1> Request Information </h1> > <font size="4"> >-JSP Request Method: <%= request.getMethod() %> >+JSP Request Method: <% out.print(util.HTMLFilter.filter(request.getMethod())); %> > <br> > Request URI: <%= request.getRequestURI() %> > <br> >@@ -32,7 +32,7 @@ > <br> > Content length: <%= request.getContentLength() %> > <br> >-Content type: <%= request.getContentType() %> >+Content type: <% out.print(util.HTMLFilter.filter(request.getContentType())); %> > <br> > Server name: <%= request.getServerName() %> > <br>
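Review bot: the form-input hunk in functions.jsp (@@ -30,7 +31,7 @@) switches the lookup from `param['foo']` to `param["foo"]` inside an HTML attribute that is itself double-quoted. Because this is template text rather than a JSP tag attribute the JSP parser does not object, but keeping the original single quotes, `value="${fn:escapeXml(param['foo'])}"`, avoids the nested-quote confusion and matches the line being replaced. The escaping itself is right for this context: `fn:escapeXml` encodes `"` and `'` as well as `<`, `>` and `&`, which is what an attribute value needs.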
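Review bot: in the table hunk of functions.jsp (@@ -42,19 +43,19 @@) the escaping is applied before the demo functions run, which makes the example output wrong even though it is now safe. `my:reverse(fn:escapeXml(param["foo"]))` reverses the entity text, so an input containing `<` is shown as `;tl&`, and `my:countVowels(fn:escapeXml(param["foo"]))` counts the letters of `&amp;` and `&quot;` as vowels. Escape at the output end instead: `${fn:escapeXml(my:reverse(param["foo"]))}` and `${fn:escapeXml(my:reverse(my:reverse(param["foo"])))}`; since `countVowels` yields only a count, `${my:countVowels(param["foo"])}` can stay as it was. The first row, `${fn:escapeXml(param["foo"])}`, is correct as written.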
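Review bot: in the implicit-objects.jsp table hunk (@@ -61,11 +63,11 @@) the `\${param.foo}` row now evaluates `param["foo"]` instead of `param.foo`, so the label and the live expression no longer match; use `${fn:escapeXml(param.foo)}` to keep the demo accurate (the two lookups are equivalent in EL). The hunk ends at the `\${header["host"]}` label row; the rows that evaluate request headers display client-supplied input just as the `param` rows do and warrant the same `fn:escapeXml` treatment.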
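Review bot: the textRotate.jspx hunk (@@ -6,11 +6,12 @@) evaluates `fn:escapeXml(param["name"])` twice and tests `empty` on the escaped value. Escaping does not change whether the value is empty, so the call can move outside the conditional: `value='${fn:escapeXml(empty param["name"] ? "JSPX" : param["name"])}'`. That is one evaluation with the same result, and escaping the literal default is harmless.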
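Review bot: in the first snoop.jsp hunk (@@ -18,7 +18,7 @@) the trailing context line `Request URI: <%= request.getRequestURI() %>` is left unfiltered while the method line directly above it is now filtered; the URI is client-controlled just like the method and should go through `util.HTMLFilter.filter` as well. Style: `<%= util.HTMLFilter.filter(request.getMethod()) %>` does the same as the `out.print` scriptlet and keeps the line consistent with its neighbours.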
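Review bot: in the second snoop.jsp hunk (@@ -32,7 +32,7 @@) `Server name: <%= request.getServerName() %>` in the trailing context is still unfiltered; the server name is derived from the request's Host header, so it is client-supplied and should be passed through `util.HTMLFilter.filter` like the content type on the line above. Also, `request.getContentType()` returns null when no body is sent, so confirm that `util.HTMLFilter.filter` tolerates null; the old `<%= %>` line printed the string "null" in that case, and the replacement should behave no worse.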