From 51a51ecd6b318e8c3bc1fe095e09d20f2798080b Mon Sep 17 00:00:00 2001
From: Manish Kumar
Date: Wed, 17 Jul 2024 13:52:19 +0530
Subject: [PATCH] [PRODSEC-8922] fix xss vulnerability
---
 packaging/war/pom.xml | 5 +++++
 packaging/war/src/main/webapp/index.jsp | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/packaging/war/pom.xml b/packaging/war/pom.xml
index 9b022dbdf5..ed956ad6a6 100644
--- a/packaging/war/pom.xml
+++ b/packaging/war/pom.xml
@@ -110,6 +110,11 @@
 mysql-connector-java
 test
+
+ org.owasp.encoder
+ encoder
+ 1.2.3
+
diff --git a/packaging/war/src/main/webapp/index.jsp b/packaging/war/src/main/webapp/index.jsp
index 97357660e6..3628992c3b 100644
--- a/packaging/war/src/main/webapp/index.jsp
+++ b/packaging/war/src/main/webapp/index.jsp
@@ -34,6 +34,7 @@
 <%@ page import="org.alfresco.service.cmr.module.ModuleDetails" %>
 <%@ page import="org.alfresco.service.cmr.module.ModuleInstallState" %>
 <%@ page import="java.util.Calendar" %>
+<%@ page import="org.owasp.encoder.Encode" %>
 <%
@@ -88,7 +89,7 @@ ModuleDetails shareServicesModule = moduleService.getModule("alfresco-share-serv
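Review bot: The OWASP encoder dependency added in the pom.xml hunk appears to carry its version as the literal `1.2.3` inside this module, rather than through a version property or a `dependencyManagement` entry. The parent POM is not visible here, so this needs confirming: if the build manages third-party versions centrally, declare the encoder there and drop the version from this module, so that a later security update of the library is a single change. No scope text appears among the added lines, which would mean the default compile scope; that is what the WAR needs for `org.owasp.encoder.Encode` to be packaged and resolvable when index.jsp is compiled. The markup of this hunk was lost in extraction, so the element names are inferred from the surviving values.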

Alfresco WebScripts Home (admin only - INTERNAL)

-

Alfresco API Explorer

+

Alfresco API Explorer

<% if (descriptorService.getLicenseDescriptor() == null && transactionService.isReadOnly()) {