Summary: | currentQueryString not escaped in status XML
---|---
Product: | Tomcat 5
Component: | Webapps:Manager
Reporter: | Mark Smithson <mark>
Assignee: | Tomcat Developers Mailing List <dev>
Status: | RESOLVED FIXED
Severity: | normal
Priority: | P3
Version: | 5.0.27
Target Milestone: | ---
Hardware: | PC
OS: | Linux
Attachments: | Very simple fix in the StatusTransformer calls in the manager webapp
Description
Mark Smithson
2004-09-04 14:36:44 UTC
Created attachment 12648
Very simple fix in the StatusTransformer calls in the manager webapp
Wouldn't it be better to escape all xml characters here? For example what about '>' and '<'? I am not intimate with the source, but is there an xmlEncode function available somewhere that could be used?

I would hope so but I'm not that familiar with the code either :)

OK, fixed for both 5.0.29 and 5.5.3. Used org.apache.catalina.util.RequestUtil#filter, which does XML-escaping properly I think.
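The effect discussed in this thread, as an added Java example that is neither the attached patch nor Tomcat's code: a request-controlled query string written into an XML attribute with and without escaping, then read back with a parser to see what a consumer of the status XML gets. The `worker` element shape, the `escapeXml` helper and the sample query string are assumptions made for illustration; only the `currentQueryString` name comes from the report.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class StatusXmlEscapeDemo {

    // Hypothetical helper: replaces every character that is significant in XML markup.
    static String escapeXml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Constructed element shape (assumption); the value is untrusted request data.
    static String workerXml(String queryString, boolean escape) {
        String v = escape ? escapeXml(queryString) : queryString;
        return "<worker currentQueryString=\"" + v + "\"/>";
    }

    // Returns the attribute value a consumer sees, or null if the XML is not well-formed.
    static String parse(String xml) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Document d = f.newDocumentBuilder()
                    .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return d.getDocumentElement().getAttribute("currentQueryString");
        } catch (Exception e) {
            return null; // parse failure: the status document is unusable for clients
        }
    }

    public static void main(String[] args) {
        String qs = "a=1&b=<2>&c=\"x\""; // constructed sample query string
        System.out.println("raw:     " + parse(workerXml(qs, false)));
        System.out.println("escaped: " + parse(workerXml(qs, true)));
    }
}
```

Escaping only `&` would still leave `<` and `"` able to break out of the attribute, which is the concern raised in the first comment.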