From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Fri, 6 Mar 2009 14:46:47 +0000 (+0000)
Subject: Fix XSS in examples web application.
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=14b175c3fb9dde1fdc5ffd36c4746e28066ba3a2;p=tomcat7.0

Fix XSS in examples web application.
This is CVE-2009-0781.
Security page updates and formal announcement to follow.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@750921 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/webapps/examples/jsp/cal/cal2.jsp b/webapps/examples/jsp/cal/cal2.jsp
index 8315b7e84..636eaf0bc 100644
--- a/webapps/examples/jsp/cal/cal2.jsp
+++ b/webapps/examples/jsp/cal/cal2.jsp
@@ -35,7 +35,7 @@
 <FORM METHOD=POST ACTION=cal1.jsp>
 <BR> 
 <BR> <INPUT NAME="date" TYPE=HIDDEN VALUE="current">
-<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= util.HTMLFilter.filter(time) %>
+<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE="<%= util.HTMLFilter.filter(time) %>">
 <BR> <h2> Description of the event <INPUT NAME="description" TYPE=TEXT SIZE=20> </h2>
 <BR> <INPUT TYPE=SUBMIT VALUE="submit">
 </FORM>