OF-671: Prevent XSS for domain attribute on s2s config page

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13647 b35dd754-fafc-0310-a699-88a17e54d16e

OF-671: Prevent XSS for domain attribute on s2s config page
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13647 b35dd754-fafc-0310-a699-88a17e54d16e
1a4803a6 · Tom Evans · tevans · 3b014d02 · 1a4803a6
Commit 1a4803a6 authored May 10, 2013 by Tom Evans Committed by tevans May 10, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

server2server-settings.jsp src/web/server2server-settings.jsp +4 -0

No files found.
--- a/src/web/server2server-settings.jsp
+++ b/src/web/server2server-settings.jsp
@@ -46,6 +46,10 @@
    boolean serverAllowed = request.getParameter("serverAllowed") != null;
    boolean serverBlocked = request.getParameter("serverBlocked") != null;
    String domain = ParamUtils.getParameter(request,"domain");
+    // OF-671
+    if (domain != null) {
+    	domain = StringUtils.removeXSSCharacters(domain);
+    }
    String remotePort = ParamUtils.getParameter(request,"remotePort");
    boolean updateSucess = false;
    boolean allowSuccess = false;