This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag org.apache.sling.featureflags-1.0.2
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-featureflags.git

commit 30019fcf059dd2632cebaf31b901cc3b74130cb6
Author: Antonio Sanso <[email protected]>
AuthorDate: Fri Jun 26 07:31:10 2015 +0000

    SLING-4836 - Escape output in Apache Sling Feature Flags webconsole plugin
    * applied patch from  Alexandre Collignon (Thanks!)
    
    git-svn-id: 
https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/feature-flags@1687690
 13f79535-47bb-0310-9956-ffa450edef68
---
 src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git 
a/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java 
b/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
index c4f6b84..9fed787 100644
--- a/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
+++ b/src/main/java/org/apache/sling/featureflags/impl/FeatureManager.java
@@ -45,6 +45,7 @@ import org.apache.felix.scr.annotations.Reference;
 import org.apache.felix.scr.annotations.ReferenceCardinality;
 import org.apache.felix.scr.annotations.ReferencePolicy;
 import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.request.ResponseUtil;
 import org.apache.sling.featureflags.Feature;
 import org.apache.sling.featureflags.Features;
 import org.osgi.framework.Constants;
@@ -155,8 +156,8 @@ public class FeatureManager implements Features, Filter, 
Servlet {
                 
pw.println("<tr><th>Name</th><th>Description</th><th>Enabled</th></tr>");
                 final ExecutionContextImpl ctx = getCurrentExecutionContext();
                 for (final Feature feature : features) {
-                    pw.printf("<tr><td>%s</td><td>%s</td><td>%s</td></tr>%n", 
feature.getName(),
-                        feature.getDescription(), ctx.isEnabled(feature));
+                    pw.printf("<tr><td>%s</td><td>%s</td><td>%s</td></tr>%n", 
ResponseUtil.escapeXml(feature.getName()),
+                            ResponseUtil.escapeXml(feature.getDescription()), 
ctx.isEnabled(feature));
                 }
                 pw.println("</table>");
             }
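Review bot: The escaping added to the `pw.printf` call in the feature loop has no comment saying why it is there, and the diffstat shows only FeatureManager.java changed, so no test covers it. A later rework of this table could drop the `ResponseUtil.escapeXml` calls unnoticed. I would add a line above the printf such as `// name/description are supplied by registered Feature services; escape before writing into the HTML table`. I would also add a test that renders a feature whose name and description contain markup characters and asserts they appear entity-encoded. It is worth confirming what `ResponseUtil.escapeXml` returns for a null `getDescription()`, since the previous `%s` simply printed `null`. The enclosing method starts and ends outside this hunk, so any other values it writes to `pw` could not be checked from here.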

-- 