Escape any unsafe HTML characters in legalName for error page. (#573)

Chris Rankin 2017-04-24 13:56:45 +01:00 committed by GitHub
parent 39ca3c96f9
commit 9425b7c927


@ -1,5 +1,6 @@
package net.corda.webserver.internal package net.corda.webserver.internal
import com.google.common.html.HtmlEscapers.htmlEscaper
import net.corda.client.rpc.CordaRPCClient import net.corda.client.rpc.CordaRPCClient
import net.corda.core.messaging.CordaRPCOps import net.corda.core.messaging.CordaRPCOps
import net.corda.core.node.CordaPluginRegistry import net.corda.core.node.CordaPluginRegistry
@ -109,18 +110,19 @@ class NodeWebServer(val config: WebServerConfig) {
} }
private fun buildServletContextHandler(localRpc: CordaRPCOps): ServletContextHandler { private fun buildServletContextHandler(localRpc: CordaRPCOps): ServletContextHandler {
val safeLegalName = htmlEscaper().escape(config.myLegalName)
return ServletContextHandler().apply { return ServletContextHandler().apply {
contextPath = "/" contextPath = "/"
errorHandler = object : ErrorHandler() { errorHandler = object : ErrorHandler() {
@Throws(IOException::class) @Throws(IOException::class)
override fun writeErrorPageHead(request: HttpServletRequest, writer: Writer, code: Int, message: String) { override fun writeErrorPageHead(request: HttpServletRequest, writer: Writer, code: Int, message: String) {
writer.write("<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\"/>\n") writer.write("<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\"/>\n")
writer.write("<title>Corda ${config.myLegalName} : Error $code</title>\n") writer.write("<title>Corda $safeLegalName : Error $code</title>\n")
} }
@Throws(IOException::class) @Throws(IOException::class)
override fun writeErrorPageMessage(request: HttpServletRequest, writer: Writer, code: Int, message: String , uri: String) { override fun writeErrorPageMessage(request: HttpServletRequest, writer: Writer, code: Int, message: String , uri: String) {
writer.write("<h1>Corda ${config.myLegalName}</h1>\n") writer.write("<h1>Corda $safeLegalName</h1>\n")
super.writeErrorPageMessage(request, writer, code, message, uri) super.writeErrorPageMessage(request, writer, code, message, uri)
} }
} }
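Review bot: The new `safeLegalName` declaration in buildServletContextHandler has no comment saying which output context it is escaped for, and the name reads as if it were safe everywhere. Guava's `htmlEscaper()` escapes `&`, `<`, `>`, `"` and `'`, which fits the `<title>` and `<h1>` element-text uses in this hunk but would not be sufficient inside a script block or a URL. I would add `// Escaped for HTML text/attribute context only; re-encode before using in script or URL contexts.` directly above the declaration. Any other place in NodeWebServer that writes `config.myLegalName` into HTML lies outside this hunk and is worth checking for the same treatment; a regression test using a legal name containing `<` and `&` would pin the behaviour. buildServletContextHandler continues past the end of the hunk.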