authorGreg Wilkins2009-09-24 04:34:09 +0000
committerGreg Wilkins2009-09-24 04:34:09 +0000
commit512ecc7dfa93fa571ef29d5e7cffd31c472efffc (patch)
tree741f465bf77d78c7c2fdd6e4fa9ccb3e54728eeb
parentbfd43fb5c421de114f1a0021575ccccb32dad58d (diff)
fixed XSS issue in demo CometDump servlet
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/branches/jetty-7.0.0.x@950 7e9141cc-0065-0410-87d8-b60c137991c4
-rw-r--r--VERSION.txt1
-rw-r--r--test-jetty-webapp/src/main/java/com/acme/CookieDump.java13
2 files changed, 13 insertions, 1 deletions
diff --git a/VERSION.txt b/VERSION.txt
index dcaa22c35f..304254171c 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1,4 +1,5 @@
jetty-7.0.0.RC7-SNAPSHOT
+ + Fixed XSS issue in CookieDump demo servlet.
+ 289958 StatisticsServlet incorrectly adds StatisticsHandler
+ 290081 Eager consume LF after CR
diff --git a/test-jetty-webapp/src/main/java/com/acme/CookieDump.java b/test-jetty-webapp/src/main/java/com/acme/CookieDump.java
index 0fa216a012..cbd08324c8 100644
--- a/test-jetty-webapp/src/main/java/com/acme/CookieDump.java
+++ b/test-jetty-webapp/src/main/java/com/acme/CookieDump.java
@@ -85,7 +85,7 @@ public class CookieDump extends HttpServlet
for (int i=0;cookies!=null && i<cookies.length;i++)
{
- out.println("<b>"+cookies[i].getName()+"</b>="+cookies[i].getValue()+"<br/>");
+ out.println("<b>"+deScript(cookies[i].getName())+"</b>="+deScript(cookies[i].getValue())+"<br/>");
}
out.println("<form action=\""+response.encodeURL(getURI(request))+"\" method=\"post\">");
@@ -110,5 +110,16 @@ public class CookieDump extends HttpServlet
uri=request.getRequestURI();
return uri;
}
+
+ /* ------------------------------------------------------------ */
+ protected String deScript(String string)
+ {
+ if (string==null)
+ return null;
+ string=string.replace("&", "&amp;");
+ string=string.replace( "<", "&lt;");
+ string=string.replace( ">", "&gt;");
+ return string;
+ }
}
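Review bot: deScript escapes only `&`, `<` and `>`, which is enough for the element-content use in the first hunk (between `<b>` tags and after `=`) but not for a value placed inside a quoted attribute, and neither the name nor a comment records that limit. Either document it, e.g. `/** Escapes a string for HTML text content only; not safe for attribute values or script blocks. */`, or also escape quotes with `string=string.replace("\"", "&quot;");` and `string=string.replace("'", "&#39;");` so the helper is safe in both contexts. The `<form action=...>` line after the first hunk still inserts `response.encodeURL(getURI(request))`, a request-derived value, into an attribute without escaping; getURI is defined outside the hunk, so whether attacker-controlled characters can reach it cannot be confirmed from here.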
