Fixed security vulnerabilities. JM-1506

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10939 b35dd754-fafc-0310-a699-88a17e54d16e

Fixed security vulnerabilities. JM-1506
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10939 b35dd754-fafc-0310-a699-88a17e54d16e
53e06202 · Gaston Dombiak · gato · 347e9845 · 53e06202
Commit 53e06202 authored Dec 11, 2008 by Gaston Dombiak Committed by gato Dec 11, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

muc-room-summary.jsp src/web/muc-room-summary.jsp +3 -3

No files found.
--- a/src/web/muc-room-summary.jsp
+++ b/src/web/muc-room-summary.jsp
@@ -185,18 +185,18 @@
        <td width="45%" valign="middle">
            <% if (room.getName().equals(room.getNaturalLanguageName())) { %>
                 <a href="muc-room-edit-form.jsp?roomJID=<%= URLEncoder.encode(room.getJID().toBareJID(), "UTF-8") %>"title="<fmt:message key="global.click_edit" />">
-	                 <%=  room.getName() %>
+	                 <%=  StringUtils.escapeHTMLTags(room.getName()) %>
 	             </a>
            <% }
               else { %>
 	            <a href="muc-room-edit-form.jsp?roomJID=<%= URLEncoder.encode(room.getJID().toBareJID(), "UTF-8") %>"title="<fmt:message key="global.click_edit" />">
-                <%= room.getNaturalLanguageName() %> (<%=  room.getName() %>)
+                <%= StringUtils.escapeHTMLTags(room.getNaturalLanguageName()) %> (<%=  StringUtils.escapeHTMLTags(room.getName()) %>)
 	            </a>
            <% } %>
        </td>
        <td width="45%" valign="middle">
            <% if (!"".equals(room.getDescription())) { %>
-                <%= room.getDescription() %>
+                <%= StringUtils.escapeHTMLTags(room.getDescription()) %>
            <% }
               else { %>
                &nbsp;