author | Laurence Labonté | 2019-10-02 17:23:11 +0000 |
---|---|---|
committer | Laurence Labonté | 2019-10-02 17:32:33 +0000 |
commit | 1118a515ccd3d23ab8a00cc6a28c78b056982827 (patch) | |
tree | 483aa2ef2bc1016e140fd99a2fbb8ebcba8525ac | |
parent | 2fc415762e0f4b114215510dedfaeb6fca44cb78 (diff) | |
Bug 551680 - [Webapp][Security] XSS in query paramI20191003-1800I20191002-1800
Use "URLEncoder.encode()" to encode the query param
Change-Id: I72d44b483e4ee87313fd931e82fefdd33ddbaa7a
Signed-off-by: Laurence Labonté <laurence.labonte@xmedius.com>
-rw-r--r-- | org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/FramesetFilter.java | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/FramesetFilter.java b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/FramesetFilter.java
index 4024abfea..d3325b7ce 100644
--- a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/FramesetFilter.java
+++ b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/FramesetFilter.java
@@ -77,6 +77,7 @@ public class FramesetFilter implements IFilter {
 // Bug 317055 - [webapp] URLEncode url requests from local users
 url = URLEncoder.encode(url, "UTF-8"); //$NON-NLS-1$
 if ( query != null ) {
+ query = URLEncoder.encode(query, "UTF-8"); //$NON-NLS-1$
 url = url + UrlUtil.JavaScriptEncode("&") + query; //$NON-NLS-1$
 }
 script.append(url); |
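Review bot: The added `query = URLEncoder.encode(query, "UTF-8");` encodes the whole query string, so the `=` and `&` separating its parameters become `%3D` and `%26`, and the page that receives the redirect presumably sees one opaque token rather than the original name/value pairs. That stops markup and quote characters from reaching `script.append(url)`, but it may also drop parameters that were forwarded intact before. Whether anything relies on them cannot be seen here, because the method starts and ends outside the hunk. If the value lands inside a JavaScript string, as the existing `UrlUtil.JavaScriptEncode("&")` call suggests, then `query = UrlUtil.JavaScriptEncode(query);` would be the encoder that matches the context and keeps the separators, provided that helper escapes quotes, backslashes and `<`, which should be confirmed. The new line also deserves a comment in the style of the one above it, for example `// Bug 551680 - [Webapp][Security] encode query before writing it into the script`.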