FELIX-4746 : Escape outputting filter parameter in service servlet git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@1649518 13f79535-47bb-0310-9956-ffa450edef68

commit: 24c9becc1fca3cf9f0f460f7afad259f64c628dc [log] [tgz]
author: Carsten Ziegeler <cziegeler@apache.org> Mon Jan 05 12:54:56 2015 +0000
committer: Carsten Ziegeler <cziegeler@apache.org> Mon Jan 05 12:54:56 2015 +0000
tree: af249086be032e035e1cfc2d6bbe53f38c23bd09
parent: 3b17bbf0e2b61da594257a5f34bbab66f2ff7846 [diff]
diff --git a/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/ServicesServlet.java b/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/ServicesServlet.java
index e6efe0a..22e1d96 100644
--- a/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/ServicesServlet.java
+++ b/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/ServicesServlet.java

@@ -416,7 +416,7 @@
         vars.put( "bundlePath", appRoot +  "/" + BundlesServlet.NAME + "/" );
         vars.put( "drawDetails", String.valueOf(reqInfo.serviceRequested));
         vars.put( "__data__", w.toString() );
-        vars.put( "filter", filter == null ? "" : filter);
+        vars.put( "filter", filter == null ? "" : WebConsoleUtil.escapeHtml(filter));
 
         response.getWriter().print( TEMPLATE );
     }
commit	24c9becc1fca3cf9f0f460f7afad259f64c628dc	[log] [tgz]
author	Carsten Ziegeler <cziegeler@apache.org>	Mon Jan 05 12:54:56 2015 +0000
committer	Carsten Ziegeler <cziegeler@apache.org>	Mon Jan 05 12:54:56 2015 +0000
tree	af249086be032e035e1cfc2d6bbe53f38c23bd09
parent	3b17bbf0e2b61da594257a5f34bbab66f2ff7846 [diff]