Author: mrdon Date: Fri Jan 25 05:13:23 2008 New Revision: 615212 URL: http://svn.apache.org/viewvc?rev=615212&view=rev Log: Adding a check for double quotes to help prevent XSS attacks WW-2427
Added: struts/struts2/trunk/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt Modified: struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/Anchor.java struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/UIBean.java struts/struts2/trunk/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java
Modified: struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/Anchor.java URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/Anchor.java?rev=615212&r1=615211&r2=615212&view=diff ==============================================================================
--- struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/Anchor.java (original)
+++ struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/Anchor.java Fri Jan 25 05:13:23 2008
@@ -74,9 +74,9 @@
 super.evaluateExtraParams();
 if (href != null)
- addParameter("href", findString(href));
+ addParameter("href", ensureAttributeSafelyNotEscaped(findString(href)));
 }
-
+
 @StrutsTagAttribute(description="The URL.")
 public void setHref(String href) {
 this.href = href;
Modified: struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/UIBean.java URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/UIBean.java?rev=615212&r1=615211&r2=615212&view=diff ==============================================================================
--- struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/UIBean.java (original)
+++ struts/struts2/trunk/core/src/main/java/org/apache/struts2/components/UIBean.java Fri Jan 25 05:13:23 2008
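Review bot: The null handling inside the new helper changes what Anchor passes for a URL that evaluates to nothing: `findString(href)` can return null even though `href` itself was non-null, and the previous code then added a null parameter, whereas `ensureAttributeSafelyNotEscaped` turns that into `""`, so the template may now emit `href=""` where it previously omitted the attribute; worth confirming against the anchor template's handling of an empty `parameters.href`. If the old behaviour is wanted, keep the null decision at the call site: `String url = findString(href); if (url != null) addParameter("href", ensureAttributeSafelyNotEscaped(url));`. The enclosing evaluateExtraParams() starts before this hunk.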
@@ -837,6 +837,20 @@
 }
 }
+ /**
+ * Ensures an unescaped attribute value cannot be vulnerable to XSS attacks
+
+ * @param val The value to check
+ * @return The escaped value
+ */
+ protected String ensureAttributeSafelyNotEscaped(String val) {
+ if (val != null) {
+ return val.replaceAll("\"", """);
+ } else {
+ return "";
+ }
+ }
+
 protected void evaluateExtraParams() {
 }
Modified: struts/struts2/trunk/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java?rev=615212&r1=615211&r2=615212&view=diff ==============================================================================
--- struts/struts2/trunk/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java (original)
+++ struts/struts2/trunk/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java Fri Jan 25 05:13:23 2008
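Review bot: The Javadoc on `ensureAttributeSafelyNotEscaped` overstates what the method guarantees: it only neutralises the double quote that would close a double-quoted attribute, and leaves `<`, `>`, `&` and the single quote untouched, so a value rendered into a single-quoted attribute or into element content, or a URL whose scheme is itself unsafe, is not covered by it. The comment should say so, e.g. `Escapes only double quotes so that a value deliberately left unescaped (such as a URL) cannot break out of a double-quoted attribute; callers remain responsible for any other validation of the value.` with `@return the value with each double quote replaced by its HTML entity, or an empty string for null`. The replacement literal shows as `"""` on this page, presumably `&quot;` rendered as an entity by the viewer; since the target is a fixed string rather than a pattern, `return val.replace("\"", "&quot;");` avoids the regex and replacement-string semantics of `replaceAll` and makes the intent explicit.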
@@ -43,6 +43,21 @@
 verify(AnchorTest.class.getResource("href-1.txt"));
 }
+ public void testSimpleBadQuote() throws Exception {
+ TestAction testAction = (TestAction) action;
+ testAction.setFoo("bar");
+
+ AnchorTag tag = new AnchorTag();
+ tag.setPageContext(pageContext);
+
+ tag.setId("mylink");
+ tag.setHref("a\"");
+ tag.doStartTag();
+ tag.doEndTag();
+
+ verify(AnchorTest.class.getResource("href-2.txt"));
+ }
+
 public void testDynamicAttribute() throws Exception {
 TestAction testAction = (TestAction) action;
 testAction.setFoo("bar");
Added: struts/struts2/trunk/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt?rev=615212&view=auto ==============================================================================
--- struts/struts2/trunk/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt (added)
+++ struts/struts2/trunk/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt Fri Jan 25 05:13:23 2008
@@ -0,0 +1,4 @@
+<a
+ id="mylink"
+ href="a"">
+</a>
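Review bot: `testSimpleBadQuote` pins only the double-quote case, so the other half of the contract, that the href is otherwise passed through unescaped, is not locked down; a second case with a value containing `&` (for example `tag.setHref("a?x=1&y=2");`) and its own fixture would document that such characters and any entities already in the value pass through unchanged rather than being double-escaped. The expected fixture `href-2.txt` shows `href="a"">` on this page, presumably `&quot;` rendered by the viewer; the committed file must hold the entity text for verify() to match the escaped output, which is worth a glance since the fixture is the only place the escaping result is asserted.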