Merge pull request #3628 from cnsgithub/fixes-3623-terminal

fixes #3623 - XSS in terminal
primefaces · May 2, 2018 · 1d6df4c · 1d6df4c
2 parents a3f90e4 + 52dd59c
commit 1d6df4c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/main/java/org/primefaces/component/terminal/TerminalRenderer.java b/src/main/java/org/primefaces/component/terminal/TerminalRenderer.java
@@ -118,7 +118,7 @@ protected void handleCommand(FacesContext context, Terminal terminal) throws IOE
         String result = (String) commandHandler.invoke(context.getELContext(), new Object[]{command, args});
 
         ResponseWriter writer = context.getResponseWriter();
-        writer.write(result);
+        writer.writeText(result, null);
     }
 
     protected void autoCompleteCommand(FacesContext context, Terminal terminal) throws IOException {

diff --git a/src/main/resources/META-INF/resources/primefaces/terminal/terminal.js b/src/main/resources/META-INF/resources/primefaces/terminal/terminal.js
@@ -211,10 +211,10 @@ PrimeFaces.widget.Terminal = PrimeFaces.widget.BaseWidget.extend({
      * Internally used to add the content from the ajax response to the terminal.
      * Can also be used e.g. by a websocket.
      *
-     * @param {string} content
+     * @param {string} HTML escaped content
      */
     processResponse: function(content) {
-        $('<div></div>').text(content).appendTo(this.content.children().last());
+        $('<div>' + content + '</div>').appendTo(this.content.children().last());
 
         // always scroll down to the last item
         this.jq.scrollTop(this.jq[0].scrollHeight);