CVE-2022-27207 - fixed stored XSS vulnerability (#38)

* URL encode string parameters

* Use platform default encoding

src/main/java/hudson/plugins/global_build_stats/model/AbstractBuildStatChartDimension.java

@@ -5,6 +5,7 @@
 import hudson.util.StackedAreaRenderer2;
 
 import java.awt.Color;
+import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -109,7 +110,7 @@ public String generateURL(CategoryDataset dataset, int row, int column) {
 	                boolean notBuildShown=Messages.Build_Results_Item_Legend_Statuses_NOT_BUILD().equals(status);
 
 	                StringBuilder sb = new StringBuilder()
-	                	.append("buildHistory?jobFilter=").append(config.getBuildFilters().getJobFilter())
+	                	.append("buildHistory?jobFilter=").append(URLEncoder.encode(config.getBuildFilters().getJobFilter()))
 	                	.append("&start=").append(range.getStart().getTimeInMillis())
 	                	.append("&end=").append(range.getEnd().getTimeInMillis())
 	                	.append("&successShown=").append(successShown)
@@ -118,10 +119,10 @@ public String generateURL(CategoryDataset dataset, int row, int column) {
 	                	.append("&abortedShown=").append(abortedShown)
 	                	.append("&notBuildShown=").append(notBuildShown);
 	                if(config.getBuildFilters().getNodeFilter() != null){
-	                	sb.append("&nodeFilter=").append(config.getBuildFilters().getNodeFilter());
+	                	sb.append("&nodeFilter=").append(URLEncoder.encode(config.getBuildFilters().getNodeFilter()));
 	                }
 	                if(config.getBuildFilters().getLauncherFilter() != null){
-	                	sb.append("&launcherFilter=").append(config.getBuildFilters().getLauncherFilter());
+	                	sb.append("&launcherFilter=").append(URLEncoder.encode(config.getBuildFilters().getLauncherFilter()));
 	                }
 	                return sb.toString();
 	            }