Skip to main content
summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJesse McConnell2009-04-21 18:05:55 +0000
committerJesse McConnell2009-04-21 18:05:55 +0000
commit783ec5928a3f22b27c63f5faa5cd87b495a5d13d (patch)
tree852b436b06f0615802ef78031ee391a7e189e898
parent1bf5641e7f5f2a77315cb05c26d4746ffb89e29c (diff)
downloadorg.eclipse.jetty.project-783ec5928a3f22b27c63f5faa5cd87b495a5d13d.tar.gz
org.eclipse.jetty.project-783ec5928a3f22b27c63f5faa5cd87b495a5d13d.tar.xz
org.eclipse.jetty.project-783ec5928a3f22b27c63f5faa5cd87b495a5d13d.zip
[BUG-273101] Fix test failures on DefaultServletTest from Jetty6 migration.
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@169 7e9141cc-0065-0410-87d8-b60c137991c4
Diffstat
-rw-r--r--VERSION.txt1
-rw-r--r--jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java11
2 files changed, 7 insertions, 5 deletions
diff --git a/VERSION.txt b/VERSION.txt
index 3a7379e34c..e0df365554 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -7,6 +7,7 @@ jetty-7.0.0.M1-SNAPSHOT
+ JETTY-983 DefaultServlet generates accept-ranges for cached/gzip content
+ 273011 JETTY-980 JETTY-992 Security / Directory Listing XSS present
+ 271536 Add supprot to IO for quietly closing Readers / Writers
+ + 273101 Fix DefaultServletTest XSS test case
jetty-7.0.0.M0
+ JETTY-496 Support inetd/xinetd through use of System.inheritedChannel()
diff --git a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java
index 001f571118..50c3510bc7 100644
--- a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java
+++ b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DefaultServletTest.java
@@ -45,7 +45,7 @@ public class DefaultServletTest extends TestCase
public void testListingXSS() throws Exception
{
- ServletHolder defholder = context.addServlet(DefaultServlet.class,"/*");
+ ServletHolder defholder = context.addServlet(DefaultServlet.class,"/listing/*");
defholder.setInitParameter("dirAllowed","true");
defholder.setInitParameter("redirectWelcome","false");
defholder.setInitParameter("gzip","false");
@@ -59,15 +59,16 @@ public class DefaultServletTest extends TestCase
defholder.setInitParameter("resourceBase",resBasePath);
StringBuffer req1 = new StringBuffer();
- req1.append("GET /context/org/mortbay/resource/;<script>window.alert(\"hi\");</script> HTTP/1.1\n");
+ req1.append("GET /context/listing/;<script>window.alert(\"hi\");</script> HTTP/1.1\n");
req1.append("Host: localhost\n");
+ req1.append("Connection: close\n");
req1.append("\n");
String response = connector.getResponses(req1.toString());
- assertResponseContains("org/mortbay/resource/one/",response);
- assertResponseContains("org/mortbay/resource/two/",response);
- assertResponseContains("org/mortbay/resource/three/",response);
+ assertResponseContains("listing/one/",response);
+ assertResponseContains("listing/two/",response);
+ assertResponseContains("listing/three/",response);
assertResponseNotContains("<script>",response);
}

Back to the top