This is an automated email from the ASF dual-hosted git repository. brushed pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit df20770f251a8d7431047e556b144ef24ee6a3a7
Author: brushed <[email protected]>
AuthorDate: Thu Nov 24 10:19:53 2022 +0100
XSS vulnerability reported by Eugene Lim and Sng Jay Kai.
---
 jspwiki-main/src/main/java/org/apache/wiki/plugin/Search.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/plugin/Search.java b/jspwiki-main/src/main/java/org/apache/wiki/plugin/Search.java
index 2ee164274..2889e3e85 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/plugin/Search.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/plugin/Search.java
@@ -29,6 +29,7 @@ import org.apache.wiki.api.plugin.Plugin;
 import org.apache.wiki.api.search.SearchResult;
 import org.apache.wiki.render.RenderingManager;
 import org.apache.wiki.search.SearchManager;
+import org.apache.wiki.util.TextUtil;
 import org.apache.wiki.util.XHTML;
 import org.apache.wiki.util.XhtmlUtil;
 import org.jdom2.Element;
@@ -88,7 +89,7 @@ public class Search implements Plugin {
 results = doBasicQuery( context, queryString );
 context.setVariable( set, results );
 } catch( final Exception e ) {
- return "<div class='error'>" + e.getMessage() + "</div>\n";
+ return "<div class='error'>" + TextUtil.replaceEntities(e.getMessage()) + "</div>\n";
 }
 }
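Review bot: The catch block in the second hunk still hands the raw exception text to the browser and records nothing server-side, so a malformed or hostile query is now escaped but leaves no trace in the logs. I would log the exception before returning, e.g. `log.warn( "Search plugin query failed", e );` if the class has a logger (none is visible in this hunk), and consider returning a fixed message rather than `e.getMessage()`, which may expose internal parser detail. `e.getMessage()` can also be null; whether `TextUtil.replaceEntities` tolerates that is not visible here, so a guard or a fallback string is worth adding. As a style point, the new call drops the spaced-parenthesis form used on the neighbouring lines: `TextUtil.replaceEntities( e.getMessage() )`. The enclosing method starts and ends outside the hunk, so other output paths in it were not reviewed.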
