Author: asanso
Date: Fri Jun 26 07:31:10 2015
New Revision: 1687690

URL: http://svn.apache.org/r1687690
Log:
SLING-4836 - Escape output in Apache Sling Feature Flags webconsole plugin 
* applied patch from  Alexandre Collignon (Thanks!)

Modified:
    
sling/trunk/bundles/extensions/feature-flags/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java

Modified: 
sling/trunk/bundles/extensions/feature-flags/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/feature-flags/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java?rev=1687690&r1=1687689&r2=1687690&view=diff
==============================================================================
--- 
sling/trunk/bundles/extensions/feature-flags/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
 (original)
+++ 
sling/trunk/bundles/extensions/feature-flags/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
 Fri Jun 26 07:31:10 2015
@@ -45,6 +45,7 @@ import org.apache.felix.scr.annotations.
 import org.apache.felix.scr.annotations.ReferenceCardinality;
 import org.apache.felix.scr.annotations.ReferencePolicy;
 import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.request.ResponseUtil;
 import org.apache.sling.featureflags.Feature;
 import org.apache.sling.featureflags.Features;
 import org.osgi.framework.Constants;
@@ -155,8 +156,8 @@ public class FeatureManager implements F
                 
pw.println("<tr><th>Name</th><th>Description</th><th>Enabled</th></tr>");
                 final ExecutionContextImpl ctx = getCurrentExecutionContext();
                 for (final Feature feature : features) {
-                    pw.printf("<tr><td>%s</td><td>%s</td><td>%s</td></tr>%n", 
feature.getName(),
-                        feature.getDescription(), ctx.isEnabled(feature));
+                    pw.printf("<tr><td>%s</td><td>%s</td><td>%s</td></tr>%n", 
ResponseUtil.escapeXml(feature.getName()),
+                            ResponseUtil.escapeXml(feature.getDescription()), 
ctx.isEnabled(feature));
                 }
                 pw.println("</table>");
             }


Reply via email to