| Presumably in response to Dave's email to Tomcat, the following changes were made to Tomcat samples, yesterday afternoon: Subject: svn commit: r369933 - in /tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples: cal/cal2.jsp security/protected/index.jsp Date: January 17, 2006 4:52:05 PM EST Author: markt Date: Tue Jan 17 13:52:02 2006 New Revision: 369933 Log: Fix XSS issues in examples. Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp ============================================================================== --- tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp (original) +++ tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp Tue Jan 17 13:52:02 2006 @@ -29,12 +29,12 @@ <FONT SIZE=5> Please add the following event: <BR> <h3> Date <%= table.getDate() %> -<BR> Time <%= time %> </h3> +<BR> Time <%= util.HTMLFilter.filter(time) %> </h3> </FONT> <FORM METHOD=POST ACTION=""> <BR> <BR> <INPUT NAME="date" TYPE=HIDDEN VALUE="current"> -<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= time %> +<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= util.HTMLFilter.filter(time) %> <BR> <h2> Description of the event <INPUT NAME="description" TYPE=TEXT SIZE=20> </h2> <BR> <INPUT TYPE=SUBMIT VALUE="submit"> </FORM> Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp ============================================================================== --- tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp (original) +++ tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp Tue Jan 17 13:52:02 2006 
@@ -49,11 +49,13 @@ if (role.length() > 0) { if (request.isUserInRole(role)) { %> - You have been granted role <b><%= role %></b><br><br> + You have been granted role + <b><%= util.HTMLFilter.filter(role) %></b><br><br> <% } else { %> - You have <i>not</i> been granted role <b><%= role %></b><br><br> + You have <i>not</i> been granted role + <b><%= util.HTMLFilter.filter(role) %></b><br><br> <% } } @@ -62,7 +64,7 @@ To check whether your username has been granted a particular role, enter it here: <form method="GET" action=''> -<input type="text" name="role" value="<%= role %>"> +<input type="text" name="role" value="<%= util.HTMLFilter.filter(role) %>"> </form> <br><br> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Subject: svn commit: r369934 - /tomcat/container/tc5.5.x/webapps/docs/changelog.xml Date: January 17, 2006 4:53:04 PM EST Author: markt Date: Tue Jan 17 13:53:01 2006 New Revision: 369934 Log: Update changelog. Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml ============================================================================== --- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original) +++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Tue Jan 17 13:53:01 2006 
@@ -76,6 +76,13 @@ </fix> </changelog> </subsection> + <subsection name="Webapps"> + <changelog> + <fix> + Fix some XSS issues in the JSP examples. (markt) + </fix> + </changelog> + </subsection> </section> <section name="Tomcat 5.5.15 (yoavs)"> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Subject: svn commit: r369935 - in /tomcat/container/branches/tc4.1.x/webapps/examples/jsp: cal/cal2.jsp security/protected/index.jsp Date: January 17, 2006 4:53:53 PM EST Author: markt Date: Tue Jan 17 13:53:49 2006 New Revision: 369935 Log: Fix XSS issues in examples. Modified: tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp Modified: tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp ============================================================================== --- tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp (original) +++ tomcat/container/branches/tc4.1.x/webapps/examples/jsp/cal/cal2.jsp Tue Jan 17 13:53:49 2006 
@@ -18,12 +18,12 @@ <FONT SIZE=5> Please add the following event: <BR> <h3> Date <%= table.getDate() %> -<BR> Time <%= time %> </h3> +<BR> Time <%= util.HTMLFilter.filter(time) %> </h3> </FONT> <FORM METHOD=POST ACTION=""> <BR> <BR> <INPUT NAME="date" TYPE=HIDDEN VALUE="current"> -<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= time %> +<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= util.HTMLFilter.filter(time) %> <BR> <h2> Description of the event <INPUT NAME="description" TYPE=TEXT SIZE=20> </h2> <BR> <INPUT TYPE=SUBMIT VALUE="submit"> </FORM> Modified: tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp ============================================================================== --- tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp (original) +++ tomcat/container/branches/tc4.1.x/webapps/examples/jsp/security/protected/index.jsp Tue Jan 17 13:53:49 2006 @@ -34,11 +34,13 @@ if (role.length() > 0) { if (request.isUserInRole(role)) { %> - You have been granted role <b><%= role %></b><br><br> + You have been granted role + <b><%= util.HTMLFilter.filter(role) %></b><br><br> <% } else { %> - You have <i>not</i> been granted role <b><%= role %></b><br><br> + You have <i>not</i> been granted role + <b><%= util.HTMLFilter.filter(role) %></b><br><br> <% } } @@ -47,7 +49,7 @@ To check whether your username has been granted a particular role, enter it here: <form method="GET" action=''> -<input type="text" name="role" value="<%= role %>"> +<input type="text" name="role" value="<%= util.HTMLFilter.filter(role) %>"> </form> <br><br> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] |
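Review bot: in the r369933 cal2.jsp hunk (@@ -29,12), the hidden field `<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= util.HTMLFilter.filter(time) %>` still has an unquoted VALUE attribute, so the change only fully covers the `<h3>` text context above it: in an unquoted attribute the value ends at the first whitespace and whatever follows is parsed as a further attribute, which entity-encoding of `<`, `>`, `&` and `"` does not prevent. Suggest `VALUE="<%= util.HTMLFilter.filter(time) %>"` so the attribute is delimited (sufficient provided the filter also encodes `"`). That INPUT tag also has no closing `>` before the following `<BR>`; pre-existing, but worth fixing in the same commit.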
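Review bot: in the r369933 index.jsp hunk at @@ -49,11, `request.isUserInRole(role)` is correctly still evaluated on the raw `role` and only the echoed copies are filtered, but `util.HTMLFilter.filter(role)` is now repeated at every output point in the file (twice here, once more in the form hunk). Suggest filtering once where `role` is read, e.g. `String safeRole = util.HTMLFilter.filter(role);`, and using `safeRole` in all `<%= %>` expressions, so a later addition that prints the role cannot miss the escaping. Splitting "You have been granted role" and the `<b>` onto two lines only adds whitespace to the output and is harmless.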
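Review bot: the r369933 index.jsp hunk at @@ -62,7 is the origin of the reflected parameter: the form is `method="GET"` with `action=''`, so `role` arrives in the query string of the same URL and is echoed back here and in the messages above. The replacement `<input type="text" name="role" value="<%= util.HTMLFilter.filter(role) %>">` is the right shape, with the value both filtered and double-quoted; note that this is exactly the quoting the cal2.jsp hidden input in the same commit lacks, so the two files should be made consistent.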
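Review bot: the r369934 changelog entry "Fix some XSS issues in the JSP examples. (markt)" does not say which examples were changed or reference the revision, so a downstream distribution bundling the examples webapp (the Geronimo thread this was forwarded to is one) cannot tell from the changelog whether it ships the affected pages. Suggest naming `cal/cal2.jsp` and `security/protected/index.jsp` in the entry. The new `<subsection name="Webapps">` is well-formed and lands in the open section immediately above `<section name="Tomcat 5.5.15 (yoavs)">`, which is the intended place for the next release.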
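Review bot: the r369935 tc4.1.x cal2.jsp hunk (@@ -18,12) carries over the same unquoted `VALUE=<%= util.HTMLFilter.filter(time) %>` attribute as the 5.x version, so the attribute context remains unquoted there too; apply the same `VALUE="..."` quoting on the 4.1.x branch. Separately, r369934 updates only `tomcat/container/tc5.5.x/webapps/docs/changelog.xml`; nothing in this series records the fix for the tc4.1.x branch, so the 4.1.x changelog should get a matching entry.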
