authorGrant Gainey <ggainey@redhat.com>2013-10-17 18:55:40 (GMT)
committerGrant Gainey <ggainey@redhat.com>2014-02-11 16:06:34 (GMT)
commit1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85 (patch)
tree24f5f446838b90a11a47660580a1fb74f1be43d8
parent05a950c07e4434da623ded137c970211f84d46e6 (diff)
1063915, CVE-2012-6149, Fix XSS in notes.jsp
-rw-r--r--java/code/webapp/WEB-INF/pages/systems/sdc/notes.jsp4
1 files changed, 2 insertions, 2 deletions
diff --git a/java/code/webapp/WEB-INF/pages/systems/sdc/notes.jsp b/java/code/webapp/WEB-INF/pages/systems/sdc/notes.jsp
index f0be578..194e5a6 100644
--- a/java/code/webapp/WEB-INF/pages/systems/sdc/notes.jsp
+++ b/java/code/webapp/WEB-INF/pages/systems/sdc/notes.jsp
@@ -21,11 +21,11 @@
<rhn:column header="sdc.details.notes.subject" width="35%" sortProperty="subject"
url="/rhn/systems/details/EditNote.do?sid=${system.id}&nid=${current.id}">
- ${current.subject}
+ <c:out value="${current.subject}" escapeXml="true" />
</rhn:column>
<rhn:column header="sdc.details.notes.details" width="50%">
- <pre>${current.note}</pre>
+ <pre><c:out value="${current.note}" escapeXml="true" /></pre>
</rhn:column>
<rhn:column header="sdc.details.notes.updated" sortProperty="modified">