Changeset d12b531


Ignore:
Timestamp:
Apr 14, 2018 1:25:25 PM (2 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
ffad52e
Parents:
941db3a
Message:

Jetty: Fix quote in header line tripping XSS filter (ticket #2215)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java

    r941db3a rd12b531  
    2525    private static final String WIN_PATTERN     = "^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n\\\\]*$";
    2626    private static final Pattern parameterValuePattern = Pattern.compile(SystemVersion.isWindows() ? WIN_PATTERN : NON_WIN_PATTERN);
    27     private static final Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$");
     27    private static final Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ \"]*$");
    2828    private static final String NOFILTER = "nofilter_";
    2929
Note: See TracChangeset for help on using the changeset viewer.