diff options
Diffstat (limited to 'src/main/webapp/jsp/error.jsp')
| -rw-r--r-- | src/main/webapp/jsp/error.jsp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/main/webapp/jsp/error.jsp b/src/main/webapp/jsp/error.jsp index d135f88..8a06691 100644 --- a/src/main/webapp/jsp/error.jsp +++ b/src/main/webapp/jsp/error.jsp @@ -8,6 +8,7 @@ <%@ page import="org.apache.commons.httpclient.util.EncodingUtil" %>
<%@ page import="org.apache.commons.httpclient.NameValuePair" %>
<%@ page import="at.gv.egiz.pdfas.web.helper.SignServletHelper" %>
+<%@ page import="org.apache.commons.lang.StringEscapeUtils" %>
<%@ page import="java.io.*" %>
<%@ include file="language.jsp" %>
@@ -80,12 +81,12 @@ <div class="pdfasnote">
<% if (rb) { %>
<fmt:message key="<%= error %>"/>
- <% } else { out.write(error); } %>
+ <% } else { out.write(StringEscapeUtils.escapeHtml(error)); } %>
</div>
<div class="pdfasnote"><fmt:message key="error.cause"/>: <strong>
<% if (rb) { %>
<fmt:message key="<%= cause %>"/>
- <% } else { out.write(cause); } %>
+ <% } else { out.write(StringEscapeUtils.escapeHtml(cause)); } %>
</strong></div>
<% if (!isExternalInvocation && !paramInvok) { %>
<div class="pdfasverticalspace"></div>
@@ -99,7 +100,7 @@ pe.printStackTrace(pw);
sw.close();
pw.close();
- out.print(sw);
+ out.print(StringEscapeUtils.escapeHtml(sw.toString()));
}
%>
</pre>
|