*) Safer way to avoid XSS in wiki (edit & preview).
git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@1761 6c8d7289-2bf4-0310-a012-ef5d649a1542
low012 committed Feb 24, 2006
1 parent f831115 commit 930bd4a
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions htroot/Wiki.java
Expand Up @@ -118,7 +118,7 @@ public static serverObjects respond(httpHeader header, serverObjects post, serve
try {
prop.put("mode", 1); //edit
prop.put("mode_author", author);
prop.put("mode_page-code", new String(page.page(), "UTF-8").replaceAll("</textarea>","<&#047;textarea>"));
prop.put("mode_page-code", new String(page.page(), "UTF-8").replaceAll("<","&lt;").replaceAll(">","&gt;"));
prop.put("mode_pagename", pagename);
} catch (UnsupportedEncodingException e) {}
}
Expand All @@ -132,7 +132,7 @@ else if (post.containsKey("preview")) {
prop.put("mode_author", author);
prop.put("mode_date", dateString(new Date()));
prop.put("mode_page", wikiTransformer.transform(post.get("content", "")));
prop.put("mode_page-code", post.get("content", "").replaceAll("</textarea>","<&#047;textarea>"));
prop.put("mode_page-code", post.get("content", "").replaceAll("<","&lt;").replaceAll(">","&gt;"));
}
//end contrib of [MN]
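Review bot: The new escaping on the two `mode_page-code` lines (edit branch and preview branch) handles `<` and `>` but leaves `&` alone, so page text that already contains an entity such as `&lt;` is decoded by the browser inside the textarea and comes back as a raw `<` on the next save. Escape the ampersand first in both places: `.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;")`. If this value is ever emitted into an attribute rather than a textarea body, quotes would need escaping as well; the template is not visible here, so that needs checking. The same chain now appears twice, so a small private helper would keep the edit and preview paths from drifting apart. respond()'s body starts and ends outside both hunks.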
