Author: rgielen
Date: Sun Feb 24 22:26:12 2008
New Revision: 630742

URL: http://svn.apache.org/viewvc?rev=630742&view=rev
Log:
WW-2427:
Applied Don Brown's fix for escaping double quote in href to 2.0.x tree

Added:
    
struts/struts2/branches/STRUTS_2_0_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt
Modified:
    
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/AbstractRemoteCallUIBean.java
    
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/UIBean.java
    
struts/struts2/branches/STRUTS_2_0_X/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java

Modified: 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/AbstractRemoteCallUIBean.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/AbstractRemoteCallUIBean.java?rev=630742&r1=630741&r2=630742&view=diff
==============================================================================
--- 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/AbstractRemoteCallUIBean.java
 (original)
+++ 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/AbstractRemoteCallUIBean.java
 Sun Feb 24 22:26:12 2008
@@ -60,7 +60,7 @@
         super.evaluateExtraParams();
 
         if (href != null)
-            addParameter("href", findString(href));
+             addParameter("href", 
ensureAttributeSafelyNotEscaped(findString(href)));
         if (errorText != null)
             addParameter("errorText", findString(errorText));
         if (loadingText != null)
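Review bot: Only `href` is passed through `ensureAttributeSafelyNotEscaped`; `errorText` and `loadingText` on the following lines are still added with bare `findString(...)`, so if the template writes them into a double-quoted attribute the way it writes `href`, the same quote-breakout the commit fixes remains there (if they are emitted as element text they need full HTML escaping rather than quote escaping — worth confirming against the template, which is not visible here). The new line also changes the null case: `findString(href)` returning null used to add a null parameter, while the helper now maps it to `""`; a one-line comment such as `// helper maps a null href to "" — template now always sees a String` would make that deliberate. Style nit: the replacement line is indented one column deeper than the line it replaces (13 spaces vs 12). The enclosing `evaluateExtraParams` starts and ends outside this hunk.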

Modified: 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/UIBean.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/UIBean.java?rev=630742&r1=630741&r2=630742&view=diff
==============================================================================
--- 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/UIBean.java
 (original)
+++ 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/UIBean.java
 Sun Feb 24 22:26:12 2008
@@ -790,6 +790,20 @@
         }
     }
 
+    /**
+     * Ensures an unescaped attribute value cannot be vulnerable to XSS attacks
+     *
+     * @param val The value to check
+     * @return The escaped value
+     */
+    protected String ensureAttributeSafelyNotEscaped(String val) {
+        if (val != null) {
+            return val.replaceAll("\"", """);
+        } else {
+            return "";
+        }
+    }
+
     protected void evaluateExtraParams() {
     }
 
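Review bot: `ensureAttributeSafelyNotEscaped` neutralises only the double-quote character, so it is safe solely for a value placed inside a double-quoted attribute; a caller using it for a single-quoted attribute, or for element text, gets no protection, and a URL value such as `javascript:` is passed through untouched — the Javadoc "cannot be vulnerable to XSS attacks" overstates what the method guarantees. The doc comment should state that contract explicitly (only `"` is replaced with `&#34;`, `'`, `<`, `&` and URL schemes are left as-is by design so existing entities in hrefs are not double-escaped, and null becomes the empty string), which is currently undocumented for `@return`. `replaceAll` compiles its first argument as a regex on every call; a literal replace is cheaper and clearer: `return val.replace("\"", "&#34;");`. Note that the replacement literal is rendered here as `"""`, which appears to be an entity-decoding artifact of this page rather than the committed text — the expected fixture `href="a&#34;"` implies `"&#34;"`.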

Modified: 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java?rev=630742&r1=630741&r2=630742&view=diff
==============================================================================
--- 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java
 (original)
+++ 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java
 Sun Feb 24 22:26:12 2008
@@ -56,4 +56,18 @@
         verify(AnchorTest.class.getResource("href-1.txt"));
     }
 
+    public void testSimpleBadQuote() throws Exception {
+        TestAction testAction = (TestAction) action;
+        testAction.setFoo("bar");
+
+        AnchorTag tag = new AnchorTag();
+        tag.setPageContext(pageContext);
+
+        tag.setId("mylink");
+        tag.setHref("a\"");
+        tag.doStartTag();
+        tag.doEndTag();
+
+        verify(AnchorTest.class.getResource("href-2.txt"));
+    }
 }
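Review bot: `testSimpleBadQuote` pins only the `"` → `&#34;` replacement; the helper's name promises that everything else is left unescaped, and nothing in the test suite checks that a realistic href containing `&` and `=` (query parameters, or an already-encoded `&amp;`) survives unchanged, so a later "improvement" that HTML-escapes the whole value would pass this test while breaking links. A second case such as `tag.setHref("a?x=1&y=\"");` with a matching fixture would lock the pass-through behaviour in. `testAction.setFoo("bar")` is set but never used by this test; either drop it or have the href reference `foo` as the sibling tests presumably do. The class closes at the end of this hunk.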

Added: 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt
URL: 
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt?rev=630742&view=auto
==============================================================================
--- 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt
 (added)
+++ 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt
 Sun Feb 24 22:26:12 2008
@@ -0,0 +1,4 @@
+<a
+ id="mylink"
+ href="a&#34;">
+</a>
\ No newline at end of file

