fix(security): remove unnecessary localization logic

Removed unnecessary localization logic that dynamically set the locale based on request parameters to mitigate a XSS vulnerability. Since our system does not support multiple languages, replaced it with a static default locale of `en`.
eclipse · May 16, 2024 · b038951 · b038951
1 parent 9a60262
commit b038951
Showing 1 changed file with 1 addition and 8 deletions.
diff --git a/console/web/src/main/webapp/console.jsp b/console/web/src/main/webapp/console.jsp
@@ -32,14 +32,7 @@
         <meta http-equiv="content-type" content="text/html; charset=UTF-8">
         <meta http-equiv="X-UA-Compatible" content="IE=9">
 
-        <!-- Manage the localization of the console -->
-        <% if (request.getParameter("l") != null) {  %>
-        	<meta name="gwt:property" content="locale=<%=request.getParameter("l")%>">
-        <% } else if (request.getHeader("Accept-Language") != null) { %>
-	        <meta name="gwt:property" content="locale=<%=request.getHeader("Accept-Language").split(",")[0]%>">
-        <% } else { %>
-	        <meta name="gwt:property" content="locale=en">
-	    <% } %>
+        <meta name="gwt:property" content="locale=en">
 
         <!--
             Favicon and title definition