cziegeler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/felix-dev.git
The following commit(s) were added to refs/heads/master by this push:
new 2d37b3ca32 FELIX-6757 : Properly encode bundle information
2d37b3ca32 is described below
commit 2d37b3ca32508861f5347f839334b1d1ccb83878
Author: Carsten Ziegeler <[email protected]>
AuthorDate: Sun Mar 9 11:14:47 2025 +0100
FELIX-6757 : Properly encode bundle information
---
.../webconsole/internal/core/BundlesServlet.java | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/BundlesServlet.java
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/BundlesServlet.java
index fde9fcffb0..93ba3a2538 100644
---
a/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/BundlesServlet.java
+++
b/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/BundlesServlet.java
@@ -77,6 +77,7 @@ import org.osgi.service.packageadmin.ExportedPackage;
import org.osgi.service.packageadmin.PackageAdmin;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;
+import org.owasp.encoder.Encode;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
@@ -137,14 +138,14 @@ public class BundlesServlet extends
AbstractOsgiManagerPlugin implements Invento
private ServiceRegistration<BundleInfoProvider> bipCapabilitiesRequired;
/**
- * Default constructor
+ * Default constructor
* @throws IOException If template can't be read
*/
public BundlesServlet() throws IOException {
// load templates
TEMPLATE_MAIN = readTemplateFile( "/templates/bundles.html" );
}
-
+
@Override
protected String getCategory() {
return CATEGORY_OSGI;
@@ -170,24 +171,24 @@ public class BundlesServlet extends
AbstractOsgiManagerPlugin implements Invento
super.activate( bundleContext );
bundleInfoTracker = new ServiceTracker<>( bundleContext,
BundleInfoProvider.class, new
ServiceTrackerCustomizer<BundleInfoProvider,BundleInfoProvider>() {
-
+
@Override
public BundleInfoProvider
addingService(ServiceReference<BundleInfoProvider> reference) {
return bundleContext.getService(reference);
}
-
+
@Override
public void
modifiedService(ServiceReference<BundleInfoProvider> reference,
BundleInfoProvider service) {
// nothing to do
}
-
+
@Override
public void
removedService(ServiceReference<BundleInfoProvider> reference,
BundleInfoProvider service) {
try {
bundleContext.ungetService(reference);
} catch ( final IllegalStateException ise) {
// might happen on shutdown, ignore
- }
+ }
}
});
bundleInfoTracker.open();
@@ -762,7 +763,11 @@ public class BundlesServlet extends
AbstractOsgiManagerPlugin implements Invento
{
final Map<String, Object> obj = new LinkedHashMap<String,
Object>();
obj.put("key", key);
- obj.put("value", val);
+ if ( val instanceof String ) {
+ obj.put("value", Encode.forJavaScript((String)val));
+ } else {
+ obj.put("value", val);
+ }
props.add(obj);
}
}
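Review bot: Only `String` values are encoded in the added branch, so a `val` of any other type (for example an array or collection holding strings) and the `key` on the line above still go into the map unencoded. If those can carry bundle-supplied text they need the same treatment, e.g. `obj.put("key", Encode.forJavaScript(key));`, assuming `key` is a `String`, which this hunk does not show. A comment above the new `if` should also name the output context, for instance `// value ends up inside a JavaScript string on the client; encode for that context`. `Encode.forJavaScript` is the right encoder only if that holds, and if the JSON writer escapes strings again the UI may show stray backslashes. The enclosing method starts and ends outside this hunk, so how `props` is serialized and rendered cannot be confirmed from here.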