Author: klaas
Date: Thu Jun 19 19:20:39 2008
New Revision: 669766
URL: http://svn.apache.org/viewvc?rev=669766&view=rev
Log:
fix XSS vulnerability in analysis page
Modified:
lucene/solr/trunk/src/webapp/web/admin/analysis.jsp
Modified: lucene/solr/trunk/src/webapp/web/admin/analysis.jsp
URL:
http://svn.apache.org/viewvc/lucene/solr/trunk/src/webapp/web/admin/analysis.jsp?rev=669766&r1=669765&r2=669766&view=diff
==============================================================================
--- lucene/solr/trunk/src/webapp/web/admin/analysis.jsp (original)
+++ lucene/solr/trunk/src/webapp/web/admin/analysis.jsp Thu Jun 19 19:20:39 2008
@@ -122,12 +122,16 @@
try {
field = schema.getField(name);
} catch (Exception e) {
- out.println("<strong>Unknown Field: " + name + "</strong>");
+ out.print("<strong>Unknown Field: ");
+ XML.escapeCharData(name, out);
+ out.println("</strong>");
}
} else {
FieldType t = schema.getFieldTypes().get(name);
if (null == t) {
- out.println("<strong>Unknown Field Type: " + name + "</strong>");
+ out.print("<strong>Unknown Field Type: ");
+ XML.escapeCharData(name, out);
+ out.println("</strong>");
} else {
field = new SchemaField("fakefieldoftype:"+name, t);
}
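Review bot: `XML.escapeCharData` is right for the element-content context of the two `<strong>` messages, but it does not make `name` safe inside an attribute value. If analysis.jsp echoes `name` or the other form values into markup such as an input's `value="..."` elsewhere, those sites would need `XML.escapeAttributeValue`, and this hunk does not show whether they were covered. The same print/escape/println sequence is now repeated in both branches, so a small helper that takes the label and the raw value would stop a later edit from restoring the string concatenation in one of them. A comment above each call, such as `// name is taken from the request (per the commit log); escape before writing it into the page`, would record why the output is split. The enclosing scriptlet starts and ends outside the hunk.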