diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 12:11:45 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 12:11:45 +0100 |
commit | 5f2ad9d48b83d5979b1a147190f5177e3327744a (patch) | |
tree | 81cfcaae779036292c0fbe2213d22d7bab2fa0d1 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java | |
parent | aca73741002d4285492d2b95f88779a14171b4e7 (diff) | |
download | moa-id-spss-5f2ad9d48b83d5979b1a147190f5177e3327744a.tar.gz moa-id-spss-5f2ad9d48b83d5979b1a147190f5177e3327744a.tar.bz2 moa-id-spss-5f2ad9d48b83d5979b1a147190f5177e3327744a.zip |
add escaping on some places
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java index 2976dc420..c8c6c1fb5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.servlet.interceptor; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; @@ -76,7 +77,7 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { Logger.info(errorMsg); response.sendError( HttpServletResponse.SC_FORBIDDEN, - errorMsg); + StringEscapeUtils.escapeHtml(errorMsg)); return false; } else { |