This is an automated email from the ASF dual-hosted git repository.
brushed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
The following commit(s) were added to refs/heads/master by this push:
new c5ff7ab 2.11.3-git-05 Weblog plugin xss protection
c5ff7ab is described below
commit c5ff7ab6056dfb938371b974b478b629ed3415d9
Author: brushed <[email protected]>
AuthorDate: Mon Mar 28 21:26:55 2022 +0200
2.11.3-git-05 Weblog plugin xss protection
---
ChangeLog.md | 7 +++++++
jspwiki-api/src/main/java/org/apache/wiki/api/Release.java | 2 +-
.../src/main/java/org/apache/wiki/plugin/WeblogPlugin.java | 2 +-
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ChangeLog.md b/ChangeLog.md
index 04daecc..67d3d5f 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -17,6 +17,13 @@ specific language governing permissions and limitations
under the License.
-->
+**2022-03-28 Dirk Frederickx (brushed AT apache DOT org)**
+
+* _2.11.3-git-05_
+
+* Weblog plugin: sanities the plugin output to protect against Xss attacks.
+
+
**2022-03-22 Juan Pablo Santos (juanpablo AT apache DOT org)**
* _2.11.3-git-04_
diff --git a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
index 1e01d18..e8adcb1 100644
--- a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
+++ b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
@@ -69,7 +69,7 @@ public final class Release {
* <p>
* If the build identifier is empty, it is not added.
*/
- public static final String BUILD = "04";
+ public static final String BUILD = "05";
/**
* This is the generic version string you should use when printing out
the version. It is of
diff --git
a/jspwiki-main/src/main/java/org/apache/wiki/plugin/WeblogPlugin.java
b/jspwiki-main/src/main/java/org/apache/wiki/plugin/WeblogPlugin.java
index fe6ba1a..a8b5592 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/plugin/WeblogPlugin.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/plugin/WeblogPlugin.java
@@ -223,7 +223,7 @@ public class WeblogPlugin implements Plugin,
ParserStagePlugin {
startTime.setTime( d );
stopTime.setTime( d );
} catch( final ParseException e ) {
- return "Illegal time format: "+startDay;
+ return "Illegal time format: "+
TextUtil.replaceEntities(startDay);
}
}
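Review bot: The added line escapes startDay before it is echoed back in the "Illegal time format" message, but nothing in the commit exercises that path, so the fix is unguarded against regression; a unit test that invokes the plugin with a constructed startDate such as `<b>x</b>` and asserts the returned text contains `&lt;b&gt;` and not the raw tag would pin it. A short comment on the new line would also record why the escaping is there, e.g. `// startDay is user-supplied markup; escape it before it is emitted back as HTML`. The enclosing execute method starts and ends outside this hunk, so I cannot see whether other return paths in it embed caller-supplied parameters; if any do, they presumably need the same TextUtil.replaceEntities treatment, which is worth confirming.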