Author: asanso
Date: Fri Jun 26 07:31:10 2015
New Revision: 1687690
URL: http://svn.apache.org/r1687690
Log:
SLING-4836 - Escape output in Apache Sling Feature Flags webconsole plugin
* applied patch from Alexandre Collignon (Thanks!)
Modified:
sling/trunk/bundles/extensions/feature-flags/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
Modified:
sling/trunk/bundles/extensions/feature-flags/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/feature-flags/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java?rev=1687690&r1=1687689&r2=1687690&view=diff
==============================================================================
---
sling/trunk/bundles/extensions/feature-flags/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
(original)
+++
sling/trunk/bundles/extensions/feature-flags/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
Fri Jun 26 07:31:10 2015
@@ -45,6 +45,7 @@ import org.apache.felix.scr.annotations.
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.request.ResponseUtil;
import org.apache.sling.featureflags.Feature;
import org.apache.sling.featureflags.Features;
import org.osgi.framework.Constants;
@@ -155,8 +156,8 @@ public class FeatureManager implements F
pw.println("<tr><th>Name</th><th>Description</th><th>Enabled</th></tr>");
final ExecutionContextImpl ctx = getCurrentExecutionContext();
for (final Feature feature : features) {
- pw.printf("<tr><td>%s</td><td>%s</td><td>%s</td></tr>%n",
feature.getName(),
- feature.getDescription(), ctx.isEnabled(feature));
+ pw.printf("<tr><td>%s</td><td>%s</td><td>%s</td></tr>%n",
ResponseUtil.escapeXml(feature.getName()),
+ ResponseUtil.escapeXml(feature.getDescription()),
ctx.isEnabled(feature));
}
pw.println("</table>");
}