Skip to content

fix: port security improvement (XSS) from Felix WebConsole#2729

Open
jbonofre wants to merge 1 commit into
apache:karaf-4.4.xfrom
jbonofre:fix/gh-2719-felix-webconsole-cve
Open

fix: port security improvement (XSS) from Felix WebConsole#2729
jbonofre wants to merge 1 commit into
apache:karaf-4.4.xfrom
jbonofre:fix/gh-2719-felix-webconsole-cve

Conversation

@jbonofre

Copy link
Copy Markdown
Member

This closes #2719

* specific language governing permissions and limitations
* under the License.
*/
package org.apache.felix.webconsole.internal.core;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

}


private static String escapeJavaScript( final String input )

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@holgerfriedrich

Copy link
Copy Markdown
Contributor

Good to have a workaround. This webconsole warning was long time around and we simply could not upgrade due to jakarta switch.
As you already pointed out in the corresponding issue: scanners will continue to flag this though we have the mitigation in place.

I'd just recommend the two references above to be added, otherwise LGTM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants