authorLaurence Labonté2019-10-02 17:23:11 +0000
committerLaurence Labonté2019-10-02 17:32:33 +0000
commit1118a515ccd3d23ab8a00cc6a28c78b056982827 (patch)
tree483aa2ef2bc1016e140fd99a2fbb8ebcba8525ac
parent2fc415762e0f4b114215510dedfaeb6fca44cb78 (diff)
Bug 551680 - [Webapp][Security] XSS in query paramI20191003-1800I20191002-1800
Use "URLEncoder.encode()" to encode the query param Change-Id: I72d44b483e4ee87313fd931e82fefdd33ddbaa7a Signed-off-by: Laurence Labonté <laurence.labonte@xmedius.com>
-rw-r--r--org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/FramesetFilter.java1
1 files changed, 1 insertions, 0 deletions
diff --git a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/FramesetFilter.java b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/FramesetFilter.java
index 4024abfea..d3325b7ce 100644
--- a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/FramesetFilter.java
+++ b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/FramesetFilter.java
@@ -77,6 +77,7 @@ public class FramesetFilter implements IFilter {
// Bug 317055 - [webapp] URLEncode url requests from local users
url = URLEncoder.encode(url, "UTF-8"); //$NON-NLS-1$
if ( query != null ) {
+ query = URLEncoder.encode(query, "UTF-8"); //$NON-NLS-1$
url = url + UrlUtil.JavaScriptEncode("&") + query; //$NON-NLS-1$
}
script.append(url);
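Review bot: Encoding the whole `query` string with `URLEncoder.encode` on the added line also escapes the `&` and `=` that separate its parameters, so a multi-parameter query would presumably reach the target page as one opaque token rather than as separate name/value pairs; if `query` is taken raw from the request, sequences that were already percent-encoded would be encoded a second time. The encoding does keep the value from breaking out of the generated script, but it is worth confirming that nothing downstream relies on those parameters, or encoding each name and value separately instead. Either way the line deserves its own comment in the style of the one above it, e.g. `// Bug 551680 - query is user-controlled and is written into the script; encode before appending`. The enclosing method starts and ends outside the hunk, so where `query` comes from and how the script consumes `url` are not visible here.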
