authorChris Austin2012-04-04 05:44:42 (EDT)
committer Dani Megert2012-04-04 06:11:13 (EDT)
commit27d3b4af37e4b391a40c2fda8c8ff7ecd0b2784e (patch)
treef330e27020a76df99c7a3943a26653754e68be38
parent12bb51123192e5c4cadac328f952a7630672c0b1 (diff)
downloadeclipse.platform.ua-27d3b4af37e4b391a40c2fda8c8ff7ecd0b2784e.zip
eclipse.platform.ua-27d3b4af37e4b391a40c2fda8c8ff7ecd0b2784e.tar.gz
eclipse.platform.ua-27d3b4af37e4b391a40c2fda8c8ff7ecd0b2784e.tar.bz2
Fixed bug 375751: [Help] Security vulnerabilities in deferredView.jsp
-rw-r--r--org.eclipse.help.webapp/advanced/deferredView.jsp9
1 files changed, 7 insertions, 2 deletions
diff --git a/org.eclipse.help.webapp/advanced/deferredView.jsp b/org.eclipse.help.webapp/advanced/deferredView.jsp
index 6a7a1e0..f30777c 100644
--- a/org.eclipse.help.webapp/advanced/deferredView.jsp
+++ b/org.eclipse.help.webapp/advanced/deferredView.jsp
@@ -1,5 +1,5 @@
<%--
- Copyright (c) 2006, 2010 IBM Corporation and others.
+ Copyright (c) 2006, 2012 IBM Corporation and others.
All rights reserved. This program and the accompanying materials
are made available under the terms of the Eclipse Public License v1.0
which accompanies this distribution, and is available at
@@ -13,6 +13,11 @@
<%
RequestData data = new RequestData(application, request, response);
WebappPreferences prefs = data.getPrefs();
+
+ String baseURL = request.getRequestURL().toString();
+ baseURL = baseURL.substring(0,baseURL.lastIndexOf("/")+1);
+
+ String href = baseURL+request.getParameter("href");
%>
<html lang="<%=ServletResources.getString("locale", request)%>">
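Review bot: `String href = baseURL+request.getParameter("href");` does not handle a missing parameter: `getParameter` returns null when `href` is absent, and the concatenation then produces a redirect target ending in the literal text `null`, which the later hunk writes into `location.href`. A guard such as `String target = request.getParameter("href");` followed by `String href = baseURL + (target == null ? "" : target);` keeps the redirect on the base URL in that case. The added lines also deserve a comment stating the security intent, for example `// Prefix with this page's own base URL so the redirect target cannot be an absolute, protocol-relative or javascript: URL`, so that a later cleanup does not collapse it back to the raw parameter. The same-origin property depends on `request.getRequestURL()` matching the origin the browser sees, which may not hold behind a proxy that rewrites host or scheme; that should be confirmed for the deployments this webapp supports.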
@@ -22,7 +27,7 @@
<script language="JavaScript">
function onloadHandler() {
- location.href="<%=UrlUtil.JavaScriptEncode(request.getParameter("href"))%>";
+ location.href="<%=UrlUtil.JavaScriptEncode(href)%>";
}
</script>