head	1.2;
access;
symbols
	RELEASE_8_0_0:1.1
	RELEASE_7_2_0:1.1
	RELEASE_7_1_0:1.1
	RELEASE_6_4_0:1.1
	RELEASE_5_EOL:1.1
	RELEASE_7_0_0:1.1
	RELEASE_6_3_0:1.1
	PRE_XORG_7:1.1
	RELEASE_4_EOL:1.1
	RELEASE_6_2_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2009.12.10.13.22.20;	author pav;	state dead;
branches;
next	1.1;

1.1
date	2006.09.11.12.56.36;	author lawrance;	state Exp;
branches;
next	;


desc
@@


1.2
log
@- Remove expired port jakarta-tomcat5
@
text
@--- webapps/jsp-examples/jsp2/jspx/textRotate.jspx.orig	Mon Sep 11 21:55:26 2006
+++ webapps/jsp-examples/jsp2/jspx/textRotate.jspx	Mon Sep 11 21:53:47 2006
@@@@ -6,11 +6,12 @@@@
 <svg xmlns="http://www.w3.org/2000/svg"
      width="450" height="500" viewBox="0 0 450 500"
      xmlns:c="http://java.sun.com/jsp/jstl/core"
+     xmlns:fn="http://java.sun.com/jsp/jstl/functions"
      xmlns:jsp="http://java.sun.com/JSP/Page">
   <jsp:directive.page contentType="image/svg+xml" />
   <title>JSP 2.0 JSPX</title>
   <!-- select name parameter, or default to JSPX -->
-  <c:set var="name" value='${empty param["name"] ? "JSPX" : param["name"]}'/>
+  <c:set var="name" value='${empty fn:escapeXml(param["name"]) ? "JSPX" : fn:escapeXml(param["name"])}'/>
   <g id="testContent">
     <text class="title" x="50%" y="10%" font-size="15" text-anchor="middle" >
             JSP 2.0 XML Syntax (.jspx) Demo</text>
--- webapps/jsp-examples/jsp2/el/functions.jsp.orig	Mon Sep 11 21:55:56 2006
+++ webapps/jsp-examples/jsp2/el/functions.jsp	Mon Sep 11 21:51:56 2006
@@@@ -13,6 +13,7 @@@@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
+<%@@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <%@@ taglib prefix="my" uri="http://jakarta.apache.org/tomcat/jsp2-example-taglib"%>
 
 <html>
@@@@ -30,7 +31,7 @@@@
     <blockquote>
       <u><b>Change Parameter</b></u>
       <form action="functions.jsp" method="GET">
-	  foo = <input type="text" name="foo" value="${param['foo']}">
+	  foo = <input type="text" name="foo" value="${fn:escapeXml(param["foo"])}">
           <input type="submit">
       </form>
       <br>
@@@@ -42,19 +43,19 @@@@
 	  </thead>
 	  <tr>
 	    <td>\${param["foo"]}</td>
-	    <td>${param["foo"]}&nbsp;</td>
+	    <td>${fn:escapeXml(param["foo"])}&nbsp;</td>
 	  </tr>
 	  <tr>
 	    <td>\${my:reverse(param["foo"])}</td>
-	    <td>${my:reverse(param["foo"])}&nbsp;</td>
+	    <td>${my:reverse(fn:escapeXml(param["foo"]))}&nbsp;</td>
 	  </tr>
 	  <tr>
 	    <td>\${my:reverse(my:reverse(param["foo"]))}</td>
-	    <td>${my:reverse(my:reverse(param["foo"]))}&nbsp;</td>
+	    <td>${my:reverse(my:reverse(fn:escapeXml(param["foo"])))}&nbsp;</td>
 	  </tr>
 	  <tr>
 	    <td>\${my:countVowels(param["foo"])}</td>
-	    <td>${my:countVowels(param["foo"])}&nbsp;</td>
+	    <td>${my:countVowels(fn:escapeXml(param["foo"]))}&nbsp;</td>
 	  </tr>
 	</table>
       </code>
--- webapps/jsp-examples/jsp2/el/implicit-objects.jsp.orig	Mon Sep 11 21:55:56 2006
+++ webapps/jsp-examples/jsp2/el/implicit-objects.jsp	Mon Sep 11 21:52:32 2006
@@@@ -13,6 +13,8 @@@@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
+<%@@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+
 <html>
   <head>
     <title>JSP 2.0 Expression Language - Implicit Objects</title>
@@@@ -49,7 +51,7 @@@@
     <blockquote>
       <u><b>Change Parameter</b></u>
       <form action="implicit-objects.jsp" method="GET">
-	  foo = <input type="text" name="foo" value="${param["foo"]}">
+	  foo = <input type="text" name="foo" value="${fn:escapeXml(param["foo"])}">
           <input type="submit">
       </form>
       <br>
@@@@ -61,11 +63,11 @@@@
 	  </thead>
 	  <tr>
 	    <td>\${param.foo}</td>
-	    <td>${param.foo}&nbsp;</td>
+	    <td>${fn:escapeXml(param["foo"])}&nbsp;</td>
 	  </tr>
 	  <tr>
 	    <td>\${param["foo"]}</td>
-	    <td>${param["foo"]}&nbsp;</td>
+	    <td>${fn:escapeXml(param["foo"])}&nbsp;</td>
 	  </tr>
 	  <tr>
 	    <td>\${header["host"]}</td>
@


1.1
log
@Patch for a minor cross site scripting vulnerability, and bump PORTREVISION.

PR:		ports/96468
Submitted by:	Yann Golanski <yg2@@york.ac.uk>
Security:	VuXML: 26a08c77-32da-4dd7-a884-a76fc49aa824
@
text
@@

