Bug 329582 - [Webapp][Security] Eclipse Help Server XSS - fix in 3.4 maintenance stream
diff --git a/org.eclipse.help.webapp/META-INF/MANIFEST.MF b/org.eclipse.help.webapp/META-INF/MANIFEST.MF
index c46a7bd..ad222be 100644
--- a/org.eclipse.help.webapp/META-INF/MANIFEST.MF
+++ b/org.eclipse.help.webapp/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@
 Bundle-ManifestVersion: 2
 Bundle-Name: %help_webapp_plugin_name
 Bundle-SymbolicName: org.eclipse.help.webapp;singleton:=true
-Bundle-Version: 3.3.104.qualifier
+Bundle-Version: 3.3.105.qualifier
 Bundle-Activator: org.eclipse.help.internal.webapp.HelpWebappPlugin
 Bundle-Vendor: %providerName
 Bundle-Localization: plugin
diff --git a/org.eclipse.help.webapp/advanced/content.jsp b/org.eclipse.help.webapp/advanced/content.jsp
index fc9998f..73712b4 100644
--- a/org.eclipse.help.webapp/advanced/content.jsp
+++ b/org.eclipse.help.webapp/advanced/content.jsp
@@ -46,7 +46,7 @@
 
 
 <frameset id="contentFrameset" rows="24,*" frameborder="0" framespacing="0" border=0 spacing=0>
-	<frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+data.getQuery()%>'  marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
+	<frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>'  marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
 	<frame ACCESSKEY="K" name="ContentViewFrame" title="<%=ServletResources.getString("topicView", request)%>" src='<%=UrlUtil.htmlEncode(data.getContentURL())%>'  marginwidth="10"<%=(data.isIE() && "6.0".compareTo(data.getIEVersion()) <=0)?"scrolling=\"yes\"":""%> marginheight="0" frameborder="0" >
 </frameset>
 
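Review bot: The `src` attribute on the ContentToolbarFrame line is delimited with single quotes, so the encoding added here only closes the attribute breakout if `UrlUtil.htmlEncode` also escapes `'`. That helper's body is not part of this diff, so this should be confirmed; many HTML encoders handle only `&`, `<`, `>` and `"`. The unchanged ContentViewFrame line below uses the same single-quoted pattern. Switching the delimiter removes the dependency, e.g. `src="<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>"`, as the `title` attribute on the same line already does. A regression test with a query string containing both quote characters would pin the behaviour.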
diff --git a/org.eclipse.help.webapp/advanced/toolbar.jsp b/org.eclipse.help.webapp/advanced/toolbar.jsp
index fd46d9c..ebe882a 100644
--- a/org.eclipse.help.webapp/advanced/toolbar.jsp
+++ b/org.eclipse.help.webapp/advanced/toolbar.jsp
@@ -175,8 +175,12 @@
 function registerMaximizedChangedListener(){
 	// get to the frameset
 	var p = parent;
-	while (p && !p.registerMaximizeListener)
+	while (p && !p.registerMaximizeListener) {	   
+	    if (p === p.parent)  {
+	        return;
+        }
 		p = p.parent;
+	}
 	
 	if (p!= null){
 		p.registerMaximizeListener('<%=UrlUtil.JavaScriptEncode(data.getName())%>Toolbar', maximizedChanged);
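Review bot: The ancestor walk in registerMaximizedChangedListener now appears in identical form in toggleFrame (the next hunk), so the top-of-hierarchy guard has to be kept in sync in two places. Both copies also read a property off each ancestor window with no handling for an ancestor the script is not allowed to read. If the help frameset is ever embedded by a page from another origin (not visible from this diff), that property read would throw instead of ending the walk. Moving the walk into one helper that returns null at the top window or on an access error would cover both callers and remove the mixed tab/space indentation the new lines introduce. Both function bodies continue outside their hunks.

```jsp
// Walk up the frame hierarchy to the nearest ancestor that defines fnName; null if none.
function findAncestorWith(fnName) {
	var p = parent;
	try {
		while (p && !p[fnName]) {
			if (p === p.parent) {
				return null; // reached the top window without finding it
			}
			p = p.parent;
		}
	} catch (e) {
		return null; // ancestor window not readable from this frame
	}
	return p;
}

function registerMaximizedChangedListener(){
	var p = findAncestorWith("registerMaximizeListener");
	// … unchanged: if (p != null) registration call …

function toggleFrame(){
	var p = findAncestorWith("toggleFrame");
	// … unchanged: if (p != null) toggle call …
```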
@@ -206,8 +210,12 @@
 function toggleFrame(){
 	// get to the frameset
 	var p = parent;
-	while (p && !p.toggleFrame)
+	while (p && !p.toggleFrame) {
+	    if (p === p.parent)  {
+	        return;
+        }
 		p = p.parent;
+	}
 	
 	if (p!= null){
 		p.toggleFrame('<%=UrlUtil.JavaScriptEncode(data.getTitle())%>');