Fix XSS in HTML renderer

Sergey
2017-04-28 10:38:48 -07:00
parent 9fae304b6f
commit 985299b490


@ -9,6 +9,8 @@ import java.io.Writer;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringEscapeUtils;
import net.sourceforge.pmd.PMD;
import net.sourceforge.pmd.Report;
import net.sourceforge.pmd.RuleViolation;
@ -122,7 +124,7 @@ public class HTMLRenderer extends AbstractIncrementingRenderer {
buf.append("> " + PMD.EOL);
buf.append("<td align=\"center\">" + violationCount + "</td>" + PMD.EOL);
buf.append("<td width=\"*%\">"
+ maybeWrap(rv.getFilename(),
+ maybeWrap(StringEscapeUtils.escapeHtml(rv.getFilename()),
linePrefix == null ? "" : linePrefix + Integer.toString(rv.getBeginLine()))
+ "</td>" + PMD.EOL);
buf.append("<td align=\"center\" width=\"5%\">" + Integer.toString(rv.getBeginLine()) + "</td>" + PMD.EOL);
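Review bot: The escaping is applied at this one call site, on the value handed to `maybeWrap`, so any other place in the renderer that writes a file name (other callers of `maybeWrap`, or other report tables, none of which are visible in this hunk) would still emit the raw string. Moving the call into `maybeWrap` itself, or into a small private helper used wherever a path is written, would keep the output encoding in one place. Because `maybeWrap` appears to build a link from its arguments, it is worth confirming that the name only ever lands in element text or a double-quoted attribute, since commons-lang 2 `escapeHtml` does not encode the apostrophe. A regression test that renders a violation whose file name contains `<` and `"` would pin the behaviour, and a comment such as `// file names come from the scanned tree and are untrusted: HTML-escape before output` would record why the call is there. The enclosing method starts and ends outside the hunk.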