diff options
| author | Chris Austin | 2012-04-04 09:44:42 +0000 |
|---|---|---|
| committer | Dani Megert | 2012-04-04 10:11:13 +0000 |
| commit | 27d3b4af37e4b391a40c2fda8c8ff7ecd0b2784e (patch) | |
| tree | f330e27020a76df99c7a3943a26653754e68be38 | |
| parent | 12bb51123192e5c4cadac328f952a7630672c0b1 (diff) | |
| download | eclipse.platform.ua-27d3b4af37e4b391a40c2fda8c8ff7ecd0b2784e.tar.gz eclipse.platform.ua-27d3b4af37e4b391a40c2fda8c8ff7ecd0b2784e.tar.xz eclipse.platform.ua-27d3b4af37e4b391a40c2fda8c8ff7ecd0b2784e.zip | |
Fixed bug 375751: [Help] Security vulnerabilities in deferredView.jsp
| -rw-r--r-- | org.eclipse.help.webapp/advanced/deferredView.jsp | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/org.eclipse.help.webapp/advanced/deferredView.jsp b/org.eclipse.help.webapp/advanced/deferredView.jsp index 6a7a1e0f0..f30777c72 100644 --- a/org.eclipse.help.webapp/advanced/deferredView.jsp +++ b/org.eclipse.help.webapp/advanced/deferredView.jsp @@ -1,5 +1,5 @@ <%-- - Copyright (c) 2006, 2010 IBM Corporation and others. + Copyright (c) 2006, 2012 IBM Corporation and others. All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse Public License v1.0 which accompanies this distribution, and is available at @@ -13,6 +13,11 @@ <% RequestData data = new RequestData(application, request, response); WebappPreferences prefs = data.getPrefs(); + + String baseURL = request.getRequestURL().toString(); + baseURL = baseURL.substring(0,baseURL.lastIndexOf("/")+1); + + String href = baseURL+request.getParameter("href"); %> <html lang="<%=ServletResources.getString("locale", request)%>"> @@ -22,7 +27,7 @@ <script language="JavaScript"> function onloadHandler() { - location.href="<%=UrlUtil.JavaScriptEncode(request.getParameter("href"))%>"; + location.href="<%=UrlUtil.JavaScriptEncode(href)%>"; } </script> |