fix html encode in jsp
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/be2f69c3 Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/be2f69c3 Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/be2f69c3 Branch: refs/heads/asf-site Commit: be2f69c37cab7214382d99e36e27347fc9f3b09b Parents: 068263e Author: Mike Dunker <mdun...@google.com> Authored: Fri Jul 28 14:11:31 2017 -0700 Committer: Mike Dunker <mdun...@google.com> Committed: Thu Aug 17 09:47:00 2017 -0700 ---------------------------------------------------------------------- .../org/apache/usergrid/rest/TestResource/error.jsp | 4 ++-- .../org/apache/usergrid/rest/TestResource/test.jsp | 5 +++-- .../ApplicationResource/authorize_form.jsp | 15 ++++++++------- .../rest/applications/ApplicationResource/error.jsp | 4 ++-- .../applications/users/UserResource/activate.jsp | 4 ++-- .../rest/applications/users/UserResource/confirm.jsp | 4 ++-- .../rest/applications/users/UserResource/error.jsp | 4 ++-- .../users/UserResource/resetpw_email_form.jsp | 11 ++++++----- .../users/UserResource/resetpw_email_success.jsp | 4 ++-- .../users/UserResource/resetpw_set_form.jsp | 9 +++++---- .../users/UserResource/resetpw_set_success.jsp | 4 ++-- .../rest/applications/users/UsersResource/error.jsp | 4 ++-- .../users/UsersResource/resetpw_email_form.jsp | 9 +++++---- .../users/UsersResource/resetpw_email_success.jsp | 4 ++-- .../management/ManagementResource/authorize_form.jsp | 15 ++++++++------- .../rest/management/ManagementResource/error.jsp | 4 ++-- .../organizations/OrganizationResource/activate.jsp | 4 ++-- .../organizations/OrganizationResource/confirm.jsp | 4 ++-- .../organizations/OrganizationResource/error.jsp | 4 ++-- .../rest/management/users/UserResource/activate.jsp | 4 ++-- .../rest/management/users/UserResource/confirm.jsp | 4 ++-- .../rest/management/users/UserResource/error.jsp | 4 ++-- .../users/UserResource/resetpw_email_form.jsp | 9 +++++---- 
.../users/UserResource/resetpw_email_success.jsp | 4 ++-- .../users/UserResource/resetpw_set_form.jsp | 8 ++++---- .../users/UserResource/resetpw_set_success.jsp | 4 ++-- .../rest/management/users/UsersResource/error.jsp | 4 ++-- .../users/UsersResource/resetpw_email_form.jsp | 6 +++--- .../users/UsersResource/resetpw_email_success.jsp | 4 ++-- 29 files changed, 87 insertions(+), 80 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp index be184b1..d02ad40 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp @@ -27,7 +27,7 @@ limitations under the License. </head> <body> - <p>An error occurred <c:out value="${it}"/>.</p> + <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp index 83a6ad1..68c12f2 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp 
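Review bot: Adding `escapeXml="true"` to `<c:out value="${it}"/>` in TestResource/error.jsp does not change the output, because `c:out` escapes XML characters by default; this line was already encoded before the commit. The same holds for every `<c:out>` edit in the other error.jsp, activate.jsp, confirm.jsp, resetpw_email_success.jsp and resetpw_set_success.jsp hunks. The effective fix in this commit is confined to the bare `${...}` expressions, so the remaining JSPs should be searched for unwrapped EL rather than for `c:out`. If the explicit attribute is kept, a comment such as `<%-- c:out escapes by default; attribute kept for clarity --%>` would stop later readers from assuming the old line was injectable.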
@@ -1,5 +1,6 @@ <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with @@ -24,6 +25,6 @@ limitations under the License. <link rel="stylesheet" type="text/css" href="/css/styles.css" /> </head> <body> -<h1>${it.foo}</h1> +<h1>${fn:escapeXml(it.foo)}</h1> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp index 6b1b8b2..0079bcf 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp @@ -2,6 +2,7 @@ pageEncoding="ISO-8859-1"%> <%@ page import="org.apache.usergrid.rest.AbstractContextResource"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with 
@@ -28,13 +29,13 @@ limitations under the License. <body> <div class="dialog-area"> - <c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if> + <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if> <form class="dialog-form" action="" method="post"> - <input type="hidden" name="response_type" value="${it.responseType}"> - <input type="hidden" name="client_id" value="${it.clientId}"> - <input type="hidden" name="redirect_uri" value="${it.redirectUri}"> - <input type="hidden" name="scope" value="${it.scope}"> - <input type="hidden" name="state" value="${it.state}"> + <input type="hidden" name="response_type" value="${fn:escapeXml(it.responseType)}"> + <input type="hidden" name="client_id" value="${fn:escapeXml(it.clientId)}"> + <input type="hidden" name="redirect_uri" value="${fn:escapeXml(it.redirectUri)}"> + <input type="hidden" name="scope" value="${fn:escapeXml(it.scope)}"> + <input type="hidden" name="state" value="${fn:escapeXml(it.state)}"> <fieldset> <p> <label for="username">Username</label> @@ -56,4 +57,4 @@ limitations under the License. </div> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp index be184b1..d02ad40 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp 
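Review bot: In `<c:if test="${!empty fn:escapeXml(it.errorMsg)}">` the escape inside the test is unnecessary, since the condition only checks emptiness and writes nothing to the page. `<c:if test="${!empty it.errorMsg}">`, with the escape kept on the output expression, is enough and reads more clearly. The same test appears in the resetpw_email_form.jsp and resetpw_set_form.jsp hunks and in management/ManagementResource/authorize_form.jsp. The hidden inputs are double-quoted and `fn:escapeXml` encodes both quote characters, so the new attribute values are safe in that context. Encoding does not validate `redirect_uri`, though; whether it is checked against the client's registered value is decided in the resource class, which this diff does not show.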
@@ -27,7 +27,7 @@ limitations under the License. </head> <body> - <p>An error occurred <c:out value="${it}"/>.</p> + <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp index dfcf3b7..20e69b8 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp @@ -26,7 +26,7 @@ limitations under the License. </head> <body> - <p>Your account with email address <c:out value="${it.user.email}"/> has been successfully activated.</p> + <p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully activated.</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp index 02e9ee3..d7f3acc 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp 
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp @@ -26,8 +26,8 @@ limitations under the License. </head> <body> - <p>Your account with email address <c:out value="${it.user.email}"/> has been successfully confirmed. + <p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully confirmed. You will received an email soon to let you know when you account has been activated</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp index be184b1..d02ad40 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp @@ -27,7 +27,7 @@ limitations under the License. </head> <body> - <p>An error occurred <c:out value="${it}"/>.</p> + <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp ---------------------------------------------------------------------- 
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp index 0f53bfc..59026bf 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp @@ -1,6 +1,7 @@ <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with @@ -26,17 +27,17 @@ limitations under the License. </head> <body> <div class="dialog-area"> - <c:if test="${!empty it.errorMsg}"> - <div class="dialog-form-message">${it.errorMsg}</div> + <c:if test="${!empty fn:escapeXml(it.errorMsg)}"> + <div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div> </c:if> <form class="dialog-form" action="" method="post"> <fieldset> <p> Enter the captcha to have your password reset instructions sent to - <c:out value="${it.user.email}" /> + <c:out value="${it.user.email}" escapeXml="true" /> </p> <p id="human-proof"></p> - ${it.reCaptchaHtml} + ${fn:escapeXml(it.reCaptchaHtml)} <p class="buttons"> <input type="submit" value="submit" /> </p> @@ -44,4 +45,4 @@ limitations under the License. </form> </div> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp ---------------------------------------------------------------------- 
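Review bot: `${fn:escapeXml(it.reCaptchaHtml)}` in the second hunk will print the captcha markup as visible text instead of rendering the widget, assuming from its name that the value is HTML produced by the server-side reCAPTCHA helper. That would leave the password-reset form without a usable captcha. The same line is changed in applications/users/UsersResource/resetpw_email_form.jsp and management/users/UserResource/resetpw_email_form.jsp. If the string is built only from server configuration and never from request data, keep `${it.reCaptchaHtml}` and document it with `<%-- trusted, server-generated reCAPTCHA markup; must never contain request data --%>`. If that cannot be guaranteed, build the widget markup in the JSP itself and pass in only escaped values.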
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp index 23f8508..41c5176 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp @@ -29,7 +29,7 @@ limitations under the License. </head> <body> - <p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p> + <p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp index a83d80d..19b6528 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp 
@@ -4,6 +4,7 @@ <%@ page import="net.tanesha.recaptcha.ReCaptchaFactory"%> <%@ page import="org.apache.usergrid.rest.AbstractContextResource"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with @@ -30,12 +31,12 @@ limitations under the License. <body> <div class="dialog-area"> - <c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if> + <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if> <form class="dialog-form" action="" method="post"> - <input type="hidden" name="token" value="${it.token}"> + <input type="hidden" name="token" value="${fn:escapeXml(it.token)}"> <fieldset> <p> - <label for="password1">Please enter your new password for <c:out value="${it.user.email}"/>.</label> + <label for="password1">Please enter your new password for <c:out value="${it.user.email}" escapeXml="true"/>.</label> </p> <p> <input class="text_field" id="password1" name="password1" type="password" /> @@ -54,4 +55,4 @@ limitations under the License. </div> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp index 9de90ba..3915084 100644 
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp @@ -29,7 +29,7 @@ limitations under the License. </head> <body> - <p>New password set for <c:out value="${it.user.email}"/></p> + <p>New password set for <c:out value="${it.user.email}" escapeXml="true"/></p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp index be184b1..d02ad40 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp @@ -27,7 +27,7 @@ limitations under the License. </head> <body> - <p>An error occurred <c:out value="${it}"/>.</p> + <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp ---------------------------------------------------------------------- 
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp index 3211a3a..f86240f 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp @@ -1,6 +1,7 @@ <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with @@ -27,8 +28,8 @@ limitations under the License. <body> <div class="dialog-area"> - <c:if test="${!empty it.errorMsg}"> - <div class="dialog-form-message">${it.errorMsg}</div> + <c:if test="${!empty fn:escapeXml(it.errorMsg)}"> + <div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div> </c:if> <form class="dialog-form" action="" method="post"> <fieldset> @@ -41,7 +42,7 @@ limitations under the License. <input class="text_field" id="email" name="email" type="text" /> </p> <p id="human-proof"></p> - ${it.reCaptchaHtml} + ${fn:escapeXml(it.reCaptchaHtml)} <p class="buttons"> <button type="submit">Submit</button> </p> @@ -50,4 +51,4 @@ limitations under the License. </div> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp ---------------------------------------------------------------------- 
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp index 23f8508..41c5176 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp @@ -29,7 +29,7 @@ limitations under the License. </head> <body> - <p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p> + <p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp index 6b1b8b2..0079bcf 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp 
@@ -2,6 +2,7 @@ pageEncoding="ISO-8859-1"%> <%@ page import="org.apache.usergrid.rest.AbstractContextResource"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with @@ -28,13 +29,13 @@ limitations under the License. <body> <div class="dialog-area"> - <c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if> + <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if> <form class="dialog-form" action="" method="post"> - <input type="hidden" name="response_type" value="${it.responseType}"> - <input type="hidden" name="client_id" value="${it.clientId}"> - <input type="hidden" name="redirect_uri" value="${it.redirectUri}"> - <input type="hidden" name="scope" value="${it.scope}"> - <input type="hidden" name="state" value="${it.state}"> + <input type="hidden" name="response_type" value="${fn:escapeXml(it.responseType)}"> + <input type="hidden" name="client_id" value="${fn:escapeXml(it.clientId)}"> + <input type="hidden" name="redirect_uri" value="${fn:escapeXml(it.redirectUri)}"> + <input type="hidden" name="scope" value="${fn:escapeXml(it.scope)}"> + <input type="hidden" name="state" value="${fn:escapeXml(it.state)}"> <fieldset> <p> <label for="username">Username</label> @@ -56,4 +57,4 @@ limitations under the License. </div> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp ---------------------------------------------------------------------- 
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp index be184b1..d02ad40 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp @@ -27,7 +27,7 @@ limitations under the License. </head> <body> - <p>An error occurred <c:out value="${it}"/>.</p> + <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp index 85114cd..f5fa14d 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp 
@@ -26,7 +26,7 @@ limitations under the License. </head> <body> - <p>Your organization <c:out value="${it.organization.name}"/> has been successfully activated.</p> + <p>Your organization <c:out value="${it.organization.name}" escapeXml="true"/> has been successfully activated.</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp index f4307b7..5fb41c7 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp @@ -26,8 +26,8 @@ limitations under the License. </head> <body> - <p>Your organization <c:out value="${it.organization.name}"/> has been successfully confirmed. + <p>Your organization <c:out value="${it.organization.name}" escapeXml="true"/> has been successfully confirmed. You will received an email soon to let you know when you organization has been activated</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp ---------------------------------------------------------------------- 
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp index be184b1..d02ad40 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp @@ -27,7 +27,7 @@ limitations under the License. </head> <body> - <p>An error occurred <c:out value="${it}"/>.</p> + <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp index dfcf3b7..20e69b8 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp 
@@ -26,7 +26,7 @@ limitations under the License. </head> <body> - <p>Your account with email address <c:out value="${it.user.email}"/> has been successfully activated.</p> + <p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully activated.</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp index 02e9ee3..d7f3acc 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp @@ -26,8 +26,8 @@ limitations under the License. </head> <body> - <p>Your account with email address <c:out value="${it.user.email}"/> has been successfully confirmed. + <p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully confirmed. You will received an email soon to let you know when you account has been activated</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp index be184b1..d02ad40 100644 
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp @@ -27,7 +27,7 @@ limitations under the License. </head> <body> - <p>An error occurred <c:out value="${it}"/>.</p> + <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp index 3e56cd1..c9f8309 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp @@ -1,6 +1,7 @@ <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with 
@@ -26,17 +27,17 @@ limitations under the License. </head> <body> <div class="dialog-area password-reset-form"> - <c:if test="${!empty it.errorMsg}"> - <div class="dialog-form-message">${it.errorMsg}</div> + <c:if test="${!empty fn:escapeXml(it.errorMsg)}"> + <div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div> </c:if> <form class="dialog-form" action="" method="post"> <fieldset> <p> Enter the captcha to have your password reset instructions sent to - <c:out value="${it.user.email}" /> + <c:out value="${it.user.email}" escapeXml="true" /> </p> <p id="human-proof"></p> - ${it.reCaptchaHtml} + ${fn:escapeXml(it.reCaptchaHtml)} <p class="buttons"> <input type="submit" value="submit" /> </p> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp index 23f8508..41c5176 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp 
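Review bot: `${fn:escapeXml(it.reCaptchaHtml)}` will print the captcha markup as visible text instead of rendering it, assuming `reCaptchaHtml` holds the widget's HTML as its name suggests, which would leave the form without a working captcha. If that value is built on the server from configuration only, keep `${it.reCaptchaHtml}` and record why with `<%-- server-generated widget markup, contains no request data --%>`; if request data can reach it, encode it where the markup is assembled. The same expression is escaped in the second hunk of UsersResource/resetpw_email_form.jsp. Separately, the `fn:escapeXml` inside the `<c:if>` test is unnecessary because the test emits nothing: `<c:if test="${!empty it.errorMsg}">`.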
@@ -29,7 +29,7 @@ limitations under the License. </head> <body> - <p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p> + <p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp index a83d80d..60384c4 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp @@ -30,12 +30,12 @@ limitations under the License. <body> <div class="dialog-area"> - <c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if> + <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if> <form class="dialog-form" action="" method="post"> - <input type="hidden" name="token" value="${it.token}"> + <input type="hidden" name="token" value="${fn:escapeXml(it.token)}"> <fieldset> <p> - <label for="password1">Please enter your new password for <c:out value="${it.user.email}"/>.</label> + <label for="password1">Please enter your new password for <c:out value="${it.user.email}" escapeXml="true"/>.</label> </p> <p> <input class="text_field" id="password1" name="password1" type="password" /> 
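Review bot: The resetpw_set_form.jsp hunk calls `fn:escapeXml`, but no hunk for this file adds the functions taglib: it starts at line 30 with identical old and new offsets, and the file's only other hunk is the end-of-file newline. Unless the file already declared the `fn` prefix (not visible here), the page is expected to fail at translation; add `<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>` next to the core taglib, as the commit does in UserResource/resetpw_email_form.jsp. The hunks for UsersResource/resetpw_email_form.jsp show the same pattern and deserve the same check.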
@@ -54,4 +54,4 @@ limitations under the License. </div> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp index 9de90ba..3915084 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp @@ -29,7 +29,7 @@ limitations under the License. </head> <body> - <p>New password set for <c:out value="${it.user.email}"/></p> + <p>New password set for <c:out value="${it.user.email}" escapeXml="true"/></p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp index be184b1..d02ad40 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp 
@@ -27,7 +27,7 @@ limitations under the License. </head> <body> - <p>An error occurred <c:out value="${it}"/>.</p> + <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp index 8643016..8b15cd4 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp @@ -27,7 +27,7 @@ limitations under the License. <body> <div class="dialog-area"> - <c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if> + <c:if test="${!empty fn:escnapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if> <form class="dialog-form" action="" method="post"> <fieldset> <p> @@ -38,7 +38,7 @@ limitations under the License. <input class="text_field" id="email" name="email" type="text" /> </p> <p id="human-proof"></p> - ${it.reCaptchaHtml} + ${fn:escapeXml(it.reCaptchaHtml)} <p class="buttons"> <button type="submit">Submit</button> </p> 
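Review bot: The `<c:if>` test in the first resetpw_email_form.jsp hunk calls `fn:escnapeXml`, a misspelling of `fn:escapeXml` that the JSTL functions library does not define, so the page is expected to fail when it is translated or evaluated rather than show the form. The test produces no output and needs no escaping, so the original `<c:if test="${!empty it.errorMsg}">` can stay while the escaped `${fn:escapeXml(it.errorMsg)}` inside the `<div>` is kept. Rendering this page once with a non-empty `errorMsg` would have caught the error.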
@@ -47,4 +47,4 @@ limitations under the License. </div> </body> -</html> \ No newline at end of file +</html> http://git-wip-us.apache.org/repos/asf/usergrid/blob/be2f69c3/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp index 23f8508..41c5176 100644 --- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp +++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp @@ -29,7 +29,7 @@ limitations under the License. </head> <body> - <p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p> + <p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p> </body> -</html> \ No newline at end of file +</html>