add escaping on some places

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2017-11-27 12:11:45 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2017-11-27 15:45:21 +0100
commit: 366c463274f3ca06d500c59c0839feb225b4e0b5 (patch)
tree: 8130bfea98bf99a36f172f4aa89c8a1ff843c52d /id/server/modules/moa-id-module-ssoTransfer
parent: 868d6e587cb262683a658fdbd56bb752913638b4 (diff)
download: moa-id-spss-366c463274f3ca06d500c59c0839feb225b4e0b5.tar.gz
moa-id-spss-366c463274f3ca06d500c59c0839feb225b4e0b5.tar.bz2
moa-id-spss-366c463274f3ca06d500c59c0839feb225b4e0b5.zip
2 files changed, 30 insertions, 30 deletions
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index a37beac70..dc55df05b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -160,15 +160,15 @@ public class SSOTransferServlet{
 
 		} catch (MOAIDException | MOADatabaseException e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 
 		} catch (NoSuchAlgorithmException | InvalidParameterSpecException e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 
 		} catch (Exception e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 		}							
 	}
 
@@ -221,51 +221,51 @@ public class SSOTransferServlet{
 				
 			} catch (OperatorCreationException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (CredentialsNotAvailableException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (PKCSException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (CertificateException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (InvalidKeyException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (NoSuchAlgorithmException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (InvalidKeySpecException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (SessionDataStorageException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (ParseException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (IllegalBlockSizeException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (BadPaddingException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (NoSuchPaddingException e) {
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			}
 							
@@ -323,50 +323,50 @@ public class SSOTransferServlet{
 			} catch (OperatorCreationException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (CredentialsNotAvailableException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (PKCSException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (CertificateException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (InvalidKeyException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (NoSuchAlgorithmException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (InvalidKeySpecException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
 			} catch (SessionDataStorageException e) {
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 			} catch (IllegalBlockSizeException e) {
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 			} catch (BadPaddingException e) {
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 			} catch (NoSuchPaddingException e) {
 				e.printStackTrace();
-				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 			}
 			
 			
@@ -423,15 +423,15 @@ public class SSOTransferServlet{
 			
 		} catch (MOAIDException | MOADatabaseException e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 		
 		} catch (NoSuchAlgorithmException | InvalidParameterSpecException e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 			
 		} catch (Exception e) {
 			e.printStackTrace();
-			resp.sendError(500, e.getMessage());
+			resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
 		}							
 	}
 	
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
index 13a278d1d..fe164c514 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
@@ -105,7 +105,7 @@ public class GUIUtils {
 			
 			config.putCustomParameter("QRImage", base64EncodedImage);		
 			config.putCustomParameter("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process.");			
-			config.putCustomParameter("timeoutURL", containerURL);
+			config.putCustomParameterWithOutEscaption("timeoutURL", containerURL);
 			config.putCustomParameter("timeout", REFESH_TIMEOUT);
 				
 			guiBuilder.build(response, config, "SSO-Transfer-Module");
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2017-11-27 12:11:45 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2017-11-27 15:45:21 +0100
commit	366c463274f3ca06d500c59c0839feb225b4e0b5 (patch)
tree	8130bfea98bf99a36f172f4aa89c8a1ff843c52d /id/server/modules/moa-id-module-ssoTransfer
parent	868d6e587cb262683a658fdbd56bb752913638b4 (diff)
download	moa-id-spss-366c463274f3ca06d500c59c0839feb225b4e0b5.tar.gz moa-id-spss-366c463274f3ca06d500c59c0839feb225b4e0b5.tar.bz2 moa-id-spss-366c463274f3ca06d500c59c0839feb225b4e0b5.zip