aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 12:11:45 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 12:11:45 +0100
commit5f2ad9d48b83d5979b1a147190f5177e3327744a (patch)
tree81cfcaae779036292c0fbe2213d22d7bab2fa0d1 /id/server/idserverlib/src
parentaca73741002d4285492d2b95f88779a14171b4e7 (diff)
downloadmoa-id-spss-5f2ad9d48b83d5979b1a147190f5177e3327744a.tar.gz
moa-id-spss-5f2ad9d48b83d5979b1a147190f5177e3327744a.tar.bz2
moa-id-spss-5f2ad9d48b83d5979b1a147190f5177e3327744a.zip
add escaping on some places
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java3
2 files changed, 4 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 5f74d8fdd..e396433e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -91,7 +91,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
resp.setContentType(MediaType.HTML_UTF_8.toString());
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" +
"(Errorcode=9199"
- +" | Description="+ exception.getMessage() + ")");
+ +" | Description="+ StringEscapeUtils.escapeHtml(exception.getMessage()) + ")");
return;
}
@@ -317,7 +317,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
if (e instanceof ProtocolNotActiveException) {
resp.getWriter().write(e.getMessage());
resp.setContentType(MediaType.HTML_UTF_8.toString());
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, StringEscapeUtils.escapeHtml(e.getMessage()));
} else if (e instanceof AuthnRequestValidatorException) {
AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 2976dc420..c8c6c1fb5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.servlet.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
@@ -76,7 +77,7 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
Logger.info(errorMsg);
response.sendError(
HttpServletResponse.SC_FORBIDDEN,
- errorMsg);
+ StringEscapeUtils.escapeHtml(errorMsg));
return false;
} else {