diff options
Diffstat (limited to 'id/server/modules/moa-id-module-ssoTransfer')
2 files changed, 30 insertions, 30 deletions
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index a37beac70..dc55df05b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -160,15 +160,15 @@ public class SSOTransferServlet{ } catch (MOAIDException | MOADatabaseException e) { e.printStackTrace(); - resp.sendError(500, e.getMessage()); + resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (NoSuchAlgorithmException | InvalidParameterSpecException e) { e.printStackTrace(); - resp.sendError(500, e.getMessage()); + resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (Exception e) { e.printStackTrace(); - resp.sendError(500, e.getMessage()); + resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage())); } } @@ -221,51 +221,51 @@ public class SSOTransferServlet{ } catch (OperatorCreationException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (CredentialsNotAvailableException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (PKCSException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (CertificateException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (InvalidKeyException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (NoSuchAlgorithmException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (InvalidKeySpecException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (SessionDataStorageException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (ParseException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (IllegalBlockSizeException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (BadPaddingException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (NoSuchPaddingException e) { Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } @@ -323,50 +323,50 @@ public class SSOTransferServlet{ } catch (OperatorCreationException e) { // TODO Auto-generated catch block e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (CredentialsNotAvailableException e) { // TODO Auto-generated catch block e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (PKCSException e) { // TODO Auto-generated catch block e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (CertificateException e) { // TODO Auto-generated catch block e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (InvalidKeyException e) { // TODO Auto-generated catch block e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (InvalidKeySpecException e) { // TODO Auto-generated catch block e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (SessionDataStorageException e) { e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (IllegalBlockSizeException e) { e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (BadPaddingException e) { e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (NoSuchPaddingException e) { e.printStackTrace(); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); } @@ -423,15 +423,15 @@ public class SSOTransferServlet{ } catch (MOAIDException | MOADatabaseException e) { e.printStackTrace(); - resp.sendError(500, e.getMessage()); + resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (NoSuchAlgorithmException | InvalidParameterSpecException e) { e.printStackTrace(); - resp.sendError(500, e.getMessage()); + resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage())); } catch (Exception e) { e.printStackTrace(); - resp.sendError(500, e.getMessage()); + resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage())); } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index 13a278d1d..fe164c514 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -105,7 +105,7 @@ public class GUIUtils { config.putCustomParameter("QRImage", base64EncodedImage); config.putCustomParameter("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process."); - config.putCustomParameter("timeoutURL", containerURL); + config.putCustomParameterWithOutEscaption("timeoutURL", containerURL); config.putCustomParameter("timeout", REFESH_TIMEOUT); guiBuilder.build(response, config, "SSO-Transfer-Module"); |