diff options
| author | Sergey Fukanchik | 2018-09-27 18:43:50 +0000 |
|---|---|---|
| committer | Sergey Fukanchik | 2018-09-27 18:43:50 +0000 |
| commit | d993d1ac71fe5f84af360db62223a74590a13371 (patch) | |
| tree | a8c8aa02ec71e4b610ae0123ad1753cbc051e081 | |
| parent | aee3c57d6f6ae3058c14c28552684329e03676cc (diff) | |
| download | eclipse.platform.ua-d993d1ac71fe5f84af360db62223a74590a13371.tar.gz eclipse.platform.ua-d993d1ac71fe5f84af360db62223a74590a13371.tar.xz eclipse.platform.ua-d993d1ac71fe5f84af360db62223a74590a13371.zip | |
Bug 538726 - Eclipse Help Server XSS
Wrap UrlUtil.JavaScriptEncode() around data.getTitle(). Same approach
was used earlier in the same file.
Change-Id: I7103b7cc286d51f577afaba349c46dc21819bfd2
Signed-off-by: Sergey Fukanchik <fukanchik@gmail.com>
| -rw-r--r-- | org.eclipse.help.webapp/advanced/toolbar.jsp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/org.eclipse.help.webapp/advanced/toolbar.jsp b/org.eclipse.help.webapp/advanced/toolbar.jsp index 87ed5caeb..d5c3f673d 100644 --- a/org.eclipse.help.webapp/advanced/toolbar.jsp +++ b/org.eclipse.help.webapp/advanced/toolbar.jsp @@ -452,7 +452,7 @@ if(buttons.length > 0){ <tr> <td nowrap style="font: <%=prefs.getToolbarFont()%>" valign="middle"> - <div id="titleTextTableDiv" style="overflow:hidden; height:22px;"><table><tr><td nowrap style="font:<%=prefs.getToolbarFont()%>"><div id="titleText" > <%=data.getTitle()%></div></td></tr></table> + <div id="titleTextTableDiv" style="overflow:hidden; height:22px;"><table><tr><td nowrap style="font:<%=prefs.getToolbarFont()%>"><div id="titleText" > <%= UrlUtil.JavaScriptEncode(data.getTitle()) %></div></td></tr></table> </div> |