Author: jleroux Revision: 1759555 Modified property: svn:log Modified: svn:log at Thu Sep 22 16:50:39 2016 ------------------------------------------------------------------------------ --- svn:log (original) +++ svn:log Thu Sep 22 16:50:39 2016 @@ -5,3 +5,4 @@ An attacker can pass arbitary commands v This fixes it using 2 redundant mechanisms (better safe than sorry): 1) linkUrl = URLEncoder.encode(linkUrl, "UTF-8"); +2) sr.append("\" linkUrl=r\"");