fix: port security improvement (XSS) from Felix WebConsole#2729
fix: port security improvement (XSS) from Felix WebConsole#2729jbonofre wants to merge 1 commit into
Conversation
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ | ||
| package org.apache.felix.webconsole.internal.core; |
There was a problem hiding this comment.
maybe add some comment here that this is the original file form
https://github.com/apache/felix-dev/blob/org.apache.felix.webconsole-4.8.12/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/ServicesServlet.java
plus the replacement escapeJavaScript()
There was a problem hiding this comment.
Good idea, let me do that.
| } | ||
|
|
||
|
|
||
| private static String escapeJavaScript( final String input ) |
There was a problem hiding this comment.
|
Good to have a workaround. This webconsole warning was long time around and we simply could not upgrade due to jakarta switch. I'd just recommend the two references above to be added, otherwise LGTM. |
|
@holgerfriedrich thanks for your suggestions. It makes sense. I will do the changes. |
This closes #2719