Fix potential XSS holes

2009-12-04 00:27:05 +00:00
parent c4e6148b9f
commit f5c1acc749
6 changed files with 18 additions and 7 deletions
--- a/apps/routerconsole/jsp/configpeer.jsp
+++ b/apps/routerconsole/jsp/configpeer.jsp
@ -24,7 +24,7 @@

 <% String peer = "";
    if (request.getParameter("peer") != null)
-        peer = request.getParameter("peer");
+        peer = net.i2p.data.DataHelper.stripHTML(request.getParameter("peer"));  // XSS
 %>
 <div class="configure">
 <form action="configpeer.jsp" method="POST">