[353260] JAX-RPC Sample JSP generator should produce Web samples that are not vulnerable to XSS
diff --git a/bundles/org.eclipse.jst.ws.consumption/META-INF/MANIFEST.MF b/bundles/org.eclipse.jst.ws.consumption/META-INF/MANIFEST.MF
index ad28ef0..d2b5138 100644
--- a/bundles/org.eclipse.jst.ws.consumption/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.jst.ws.consumption/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@
Bundle-ManifestVersion: 2
Bundle-Name: %PLUGIN_NAME
Bundle-SymbolicName: org.eclipse.jst.ws.consumption; singleton:=true
-Bundle-Version: 1.0.508.qualifier
+Bundle-Version: 1.0.509.qualifier
Bundle-ClassPath: .,
webserviceutils.jar
Bundle-Activator: org.eclipse.jst.ws.internal.consumption.plugin.WebServiceConsumptionPlugin
diff --git a/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/InputFileGenerator.java b/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/InputFileGenerator.java
index d744f52..0c170a0 100644
--- a/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/InputFileGenerator.java
+++ b/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/InputFileGenerator.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2000, 2009 IBM Corporation and others.
+ * Copyright (c) 2000, 2011 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -8,6 +8,7 @@
* Contributors:
* IBM Corporation - initial API and implementation
* bug 296245 - Yen Lu - yenlu@ca.ibm.com - Input.jsp produces malformed HTML
+ * bug 353269 - Ivan Castro Alvarez - JAX-RPC Sample JSP generator should produce Web samples that are not vulnerable to XSS
*******************************************************************************/
@@ -96,7 +97,7 @@
fbuffer.append("valid = false;" + StringUtils.NEWLINE);
fbuffer.append("%>" + StringUtils.NEWLINE);
fbuffer.append("<FORM METHOD=\"POST\" ACTION=\"" + fResultName + "\" TARGET=\"result\">" + StringUtils.NEWLINE);
- fbuffer.append("<INPUT TYPE=\"HIDDEN\" NAME=\"method\" VALUE=\"<%=method%>\">" + StringUtils.NEWLINE);
+ fbuffer.append("<INPUT TYPE=\"HIDDEN\" NAME=\"method\" VALUE=\"<%=org.eclipse.jst.ws.util.JspUtils.markup(method)%>\">" + StringUtils.NEWLINE);
fbuffer.append("<TABLE>" + StringUtils.NEWLINE);
fbuffer.append("<TR>" + StringUtils.NEWLINE);
fbuffer.append("<TD COLSPAN=\"1\" ALIGN=\"LEFT\">URLString:</TD>" + StringUtils.NEWLINE);
@@ -113,7 +114,7 @@
fbuffer.append("valid = false;" + StringUtils.NEWLINE);
fbuffer.append("%>" + StringUtils.NEWLINE);
fbuffer.append("<FORM METHOD=\"POST\" ACTION=\"" + fResultName + "\" TARGET=\"result\">" + StringUtils.NEWLINE);
- fbuffer.append("<INPUT TYPE=\"HIDDEN\" NAME=\"method\" VALUE=\"<%=method%>\">" + StringUtils.NEWLINE);
+ fbuffer.append("<INPUT TYPE=\"HIDDEN\" NAME=\"method\" VALUE=\"<%=org.eclipse.jst.ws.util.JspUtils.markup(method)%>\">" + StringUtils.NEWLINE);
fbuffer.append("<BR>" + StringUtils.NEWLINE);
fbuffer.append("<INPUT TYPE=\"SUBMIT\" VALUE=\"Invoke\">" + StringUtils.NEWLINE);
fbuffer.append("<INPUT TYPE=\"RESET\" VALUE=\"Clear\">" + StringUtils.NEWLINE);
diff --git a/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/InputFileHelp1Generator.java b/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/InputFileHelp1Generator.java
index c46105f..d6043ba 100644
--- a/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/InputFileHelp1Generator.java
+++ b/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/InputFileHelp1Generator.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2000, 2005 IBM Corporation and others.
+ * Copyright (c) 2000, 2011 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -7,6 +7,7 @@
*
* Contributors:
* IBM Corporation - initial API and implementation
+ * bug 353269 - Ivan Castro Alvarez - JAX-RPC Sample JSP generator should produce Web samples that are not vulnerable to XSS
*******************************************************************************/
@@ -70,7 +71,7 @@
fbuffer.append("valid = false;" + StringUtils.NEWLINE);
fbuffer.append("%>" + StringUtils.NEWLINE);
fbuffer.append("<FORM METHOD=\"POST\" ACTION=\"" + fResultName + "\" TARGET=\"result\">" + StringUtils.NEWLINE);
- fbuffer.append("<INPUT TYPE=\"HIDDEN\" NAME=\"method\" VALUE=\"<%=method%>\">" + StringUtils.NEWLINE);
+ fbuffer.append("<INPUT TYPE=\"HIDDEN\" NAME=\"method\" VALUE=\"<%=org.eclipse.jst.ws.util.JspUtils.markup(method)%>\">" + StringUtils.NEWLINE);
// go to the next generator
InputFileHelp2Generator inputFileHelp2Generator = new InputFileHelp2Generator(fbuffer);
diff --git a/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/TestClientFileGenerator.java b/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/TestClientFileGenerator.java
index 04714bb..b76d70c 100644
--- a/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/TestClientFileGenerator.java
+++ b/bundles/org.eclipse.jst.ws.consumption/src/org/eclipse/jst/ws/internal/consumption/sampleapp/codegen/TestClientFileGenerator.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2000, 2005 IBM Corporation and others.
+ * Copyright (c) 2000, 2011 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -7,6 +7,7 @@
*
* Contributors:
* IBM Corporation - initial API and implementation
+ * bug 353269 - Ivan Castro Alvarez - JAX-RPC Sample JSP generator should produce Web samples that are not vulnerable to XSS
*******************************************************************************/
package org.eclipse.jst.ws.internal.consumption.sampleapp.codegen;
@@ -71,7 +72,7 @@
fbuffer.append("resultJSP.append(resultObj.toString()).append(\"=\").append(request.getParameter(resultObj.toString())).append(\"&\");").append(StringUtils.NEWLINE);
fbuffer.append("}").append(StringUtils.NEWLINE);
fbuffer.append("%>").append(StringUtils.NEWLINE);
- fbuffer.append("<FRAME SRC=\"<%=resultJSP.toString()%>\" NAME=\"result\" MARGINWIDTH=\"1\" MARGINHEIGHT=\"1\" SCROLLING=\"yes\" FRAMEBORDER=\"1\">" + StringUtils.NEWLINE);
+ fbuffer.append("<FRAME SRC=\"<%=org.eclipse.jst.ws.util.JspUtils.markup(resultJSP.toString())%>\" NAME=\"result\" MARGINWIDTH=\"1\" MARGINHEIGHT=\"1\" SCROLLING=\"yes\" FRAMEBORDER=\"1\">" + StringUtils.NEWLINE);
fbuffer.append("</FRAMESET>" + StringUtils.NEWLINE);
