Author: lukaszlenart
Date: Tue Mar 20 09:10:37 2012
New Revision: 1302803
URL: http://svn.apache.org/viewvc?rev=1302803&view=rev
Log:
Adds a better way to handle JavaScript injection into request parameters
Modified:
struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java
struts/struts2/trunk/core/src/test/java/org/apache/struts2/views/util/UrlHelperTest.java
Modified:
struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java
URL:
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java?rev=1302803&r1=1302802&r2=1302803&view=diff
==
---
struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java
(original)
+++
struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java
Tue Mar 20 09:10:37 2012
@@ -27,6 +27,7 @@ import com.opensymphony.xwork2.util.Text
import com.opensymphony.xwork2.util.ValueStack;
import com.opensymphony.xwork2.util.logging.Logger;
import com.opensymphony.xwork2.util.logging.LoggerFactory;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.struts2.ServletActionContext;
import org.apache.struts2.StrutsConstants;
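Review bot: The new `StringEscapeUtils` import indicates the assembled link string is escaped after the fact, which is the same layer the removed `while (result.indexOf(...)) { result = result.replaceAll(` loop in the next hunk worked at; escaping a finished URL with an HTML- or JS-oriented escaper risks rewriting legitimate URL characters (`&`, `=`, quotes) and still leaves the query grammar unprotected. The robust place for this defence is where each parameter name and value is appended, URL-encoding them individually (for example `URLEncoder.encode(value, encoding)`), so no value can introduce markup or extra delimiters regardless of which escape method is chosen downstream. Whether the new code does that cannot be confirmed here: the hunk that uses the import starts at line 29 and runs past the end of this excerpt, so only the import itself is visible.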
@@ -176,8 +177,8 @@ public class UrlHelper {
String result = link.toString();
-while (result.indexOf("") > 0){
- result = result.replaceAll("