Commit baf3ce2a authored by Dave Cridland's avatar Dave Cridland Committed by Guus der Kinderen

OF-1018 Close XSS in Cert details page

parent 38afc3ca
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
<%@ page import="org.jivesoftware.openfire.keystore.CertificateStoreManager"%> <%@ page import="org.jivesoftware.openfire.keystore.CertificateStoreManager"%>
<%@ page import="org.jivesoftware.openfire.spi.ConnectionType"%> <%@ page import="org.jivesoftware.openfire.spi.ConnectionType"%>
<%@ page import="org.jivesoftware.util.ParamUtils"%> <%@ page import="org.jivesoftware.util.ParamUtils"%>
<%@ page import="org.jivesoftware.util.StringUtils"%>
<%@ page import="javax.xml.bind.DatatypeConverter" %> <%@ page import="javax.xml.bind.DatatypeConverter" %>
<%@ page import="java.security.AlgorithmParameters" %> <%@ page import="java.security.AlgorithmParameters" %>
<%@ page import="java.security.cert.X509Certificate" %> <%@ page import="java.security.cert.X509Certificate" %>
...@@ -79,6 +80,7 @@ ...@@ -79,6 +80,7 @@
} }
pageContext.setAttribute( "errors", errors ); pageContext.setAttribute( "errors", errors );
pageContext.setAttribute( "alias", StringUtils.escapeHTMLTags(alias) );
%> %>
<html> <html>
...@@ -120,7 +122,7 @@ ...@@ -120,7 +122,7 @@
<c:if test="${empty errors}"> <c:if test="${empty errors}">
<p> <p>
<fmt:message key="ssl.certificate.details.intro"> <fmt:message key="ssl.certificate.details.intro">
<fmt:param value="${param.alias}"/> <fmt:param value="${alias}"/>
<fmt:param> <fmt:param>
<c:choose> <c:choose>
<c:when test="${param.type eq 'c2s'}"><fmt:message key="ssl.certificates.truststore.c2s-title"/></c:when> <c:when test="${param.type eq 'c2s'}"><fmt:message key="ssl.certificates.truststore.c2s-title"/></c:when>
......
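Review bot: The page attribute set in the second hunk holds an already-escaped string under the plain name `alias`, so a later `<c:out value="${alias}"/>` would double-escape it, while any remaining `${param.alias}` would still emit the raw request parameter. Only the one `<fmt:param>` in the third hunk is switched over, and the rest of the JSP lies outside these hunks. Other outputs of `param.alias` should therefore be checked, especially inside attribute values or URLs, where tag-escaping alone may not be the right encoding. I would either name the attribute for what it holds, e.g. `pageContext.setAttribute( "escapedAlias", StringUtils.escapeHTMLTags(alias) );` with `<fmt:param value="${escapedAlias}"/>`, or keep the name and add a comment above it such as `// HTML-escaped for element content only; do not pass through c:out or reuse in attribute/URL context`.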