WW-2414 - failsafe sanitization of querystring params
git-svn-id: https://svn.apache.org/repos/asf/struts/struts2/trunk@614814 13f79535-47bb-0310-9956-ffa450edef68
James Mitchell committed Jan 24, 2008
1 parent 28ee8f7 commit 09147ff
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions core/src/main/java/org/apache/struts2/views/util/UrlHelper.java
Expand Up @@ -174,10 +174,14 @@ else if ((scheme != null) && !scheme.equals(request.getScheme())) {
buildParametersString(params, link, "&");
}

String result;

String result = link.toString();

if (result.indexOf("<script>") >= 0){
result = result.replaceAll("<script>", "script");
}

try {
result = encodeResult ? response.encodeURL(link.toString()) : link.toString();
result = encodeResult ? response.encodeURL(result) : result;
} catch (Exception ex) {
// Could not encode the URL for some reason
// Use it unchanged
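
Review bot: The new check `result.indexOf("<script>") >= 0` matches only the exact, lowercase string `<script>`, so this is a blocklist of a single token rather than sanitization of the query string. Markup in any other casing, a tag carrying attributes or whitespace, or any other element passes through `link.toString()` unchanged, and `response.encodeURL(result)` does not escape it. I would encode parameter names and values where `buildParametersString(params, link, "&")` appends them, or escape at the point the URL is rendered, and drop the string match. Two smaller points: the `indexOf` guard is redundant, since `replaceAll` returns the input unchanged when nothing matches, and `replaceAll` treats its first argument as a regular expression where `replace` would state the literal intent. The commit touches only `UrlHelper.java`; a unit test covering the sanitized output would document what "failsafe" is expected to guarantee.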