[356091] JAX-RPC sample generator still vulnerable to cross site scripting (XSS)
diff --git a/bundles/org.eclipse.jst.ws.consumption/META-INF/MANIFEST.MF b/bundles/org.eclipse.jst.ws.consumption/META-INF/MANIFEST.MF
index 65cb87e..5c56d21 100644
--- a/bundles/org.eclipse.jst.ws.consumption/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.jst.ws.consumption/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@
Bundle-ManifestVersion: 2
Bundle-Name: %PLUGIN_NAME
Bundle-SymbolicName: org.eclipse.jst.ws.consumption; singleton:=true
-Bundle-Version: 1.0.602.qualifier
+Bundle-Version: 1.0.603.qualifier
Bundle-ClassPath: .,
webserviceutils.jar
Bundle-Activator: org.eclipse.jst.ws.internal.consumption.plugin.WebServiceConsumptionPlugin
diff --git a/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/ResultFileGenerator.java b/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/ResultFileGenerator.java
index 0427721..503122e 100644
--- a/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/ResultFileGenerator.java
+++ b/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/ResultFileGenerator.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2000, 2006 IBM Corporation and others.
+ * Copyright (c) 2000, 2012 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -117,7 +117,8 @@
fbuffer.append("}" + StringUtils.NEWLINE);
fbuffer.append("} catch (Exception e) { " + StringUtils.NEWLINE);
fbuffer.append("%>" + StringUtils.NEWLINE);
- fbuffer.append("exception: <%= e %>" + StringUtils.NEWLINE);
+ fbuffer.append("Exception: <%= org.eclipse.jst.ws.util.JspUtils.markup(e.toString()) %>" + StringUtils.NEWLINE);
+ fbuffer.append("Message: <%= org.eclipse.jst.ws.util.JspUtils.markup(e.getMessage()) %>" + StringUtils.NEWLINE);
fbuffer.append("<%" + StringUtils.NEWLINE);
fbuffer.append("return;" + StringUtils.NEWLINE);
fbuffer.append("}" + StringUtils.NEWLINE);
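Review bot: The added `Message:` line passes `e.getMessage()` straight into `JspUtils.markup`, and `getMessage()` returns null for any exception created without a detail message. `markup` is not visible in this diff, so if it dereferences its argument, the generated catch block would itself throw while rendering the error page. A null-safe form keeps the escaping, for example `org.eclipse.jst.ws.util.JspUtils.markup(String.valueOf(e.getMessage()))`. A short generator comment above the two appends, such as `// escape exception text: it may echo user-supplied input back into the result page`, would help stop a later edit from reverting to the raw `<%= e %>`. The enclosing method starts and ends outside this hunk, so whether other `<%= ... %>` expressions in the generated JSP are escaped the same way cannot be confirmed from here.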