aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 12:11:45 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 15:45:21 +0100
commit366c463274f3ca06d500c59c0839feb225b4e0b5 (patch)
tree8130bfea98bf99a36f172f4aa89c8a1ff843c52d /id/server/idserverlib/src/main/java/at/gv
parent868d6e587cb262683a658fdbd56bb752913638b4 (diff)
downloadmoa-id-spss-366c463274f3ca06d500c59c0839feb225b4e0b5.tar.gz
moa-id-spss-366c463274f3ca06d500c59c0839feb225b4e0b5.tar.bz2
moa-id-spss-366c463274f3ca06d500c59c0839feb225b4e0b5.zip
add escaping on some places
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java3
2 files changed, 4 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 67611dd72..dcf337213 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -91,7 +91,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
resp.setContentType(MediaType.HTML_UTF_8.toString());
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" +
"(Errorcode=9199"
- +" | Description="+ exception.getMessage() + ")");
+ +" | Description="+ StringEscapeUtils.escapeHtml(exception.getMessage()) + ")");
return;
}
@@ -318,7 +318,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
if (e instanceof ProtocolNotActiveException) {
resp.getWriter().write(e.getMessage());
resp.setContentType(MediaType.HTML_UTF_8.toString());
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, StringEscapeUtils.escapeHtml(e.getMessage()));
} else if (e instanceof AuthnRequestValidatorException) {
AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 2976dc420..c8c6c1fb5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.servlet.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
@@ -76,7 +77,7 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
Logger.info(errorMsg);
response.sendError(
HttpServletResponse.SC_FORBIDDEN,
- errorMsg);
+ StringEscapeUtils.escapeHtml(errorMsg));
return false;
} else {