[JM-629] Fixed cross site scripting bug in login page.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10765 b35dd754-fafc-0310-a699-88a17e54d16e

[JM-629] Fixed cross site scripting bug in login page.
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10765 b35dd754-fafc-0310-a699-88a17e54d16e
3e896bc0 · Daniel Henninger · dhenninger · 14b69a15 · 3e896bc0
Commit 3e896bc0 authored Aug 25, 2008 by Daniel Henninger Committed by dhenninger Aug 25, 2008
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

login.jsp src/web/login.jsp +1 -0

No files found.
--- a/src/web/login.jsp
+++ b/src/web/login.jsp
@@ -54,6 +54,7 @@

    String password = ParamUtils.getParameter(request, "password");
    String url = ParamUtils.getParameter(request, "url");
+    url = org.jivesoftware.util.StringUtils.escapeHTMLTags(url);

    // SSO between cluster nodes
    String secret = ParamUtils.getParameter(request, "secret");