[xss] replaceJS
authorAsier Lostalé <asier.lostale@openbravo.com>
Fri, 14 Feb 2014 12:54:54 +0100
changeset 22097 244f648e594e
parent 22096 4d71887ac7e1
child 22098 ea370040d422
[xss] replaceJS
src-core/src/org/openbravo/utils/FormatUtilities.java
--- a/src-core/src/org/openbravo/utils/FormatUtilities.java	Fri Feb 14 12:30:51 2014 +0100
+++ b/src-core/src/org/openbravo/utils/FormatUtilities.java	Fri Feb 14 12:54:54 2014 +0100
@@ -1,6 +1,6 @@
 /*
  ************************************************************************************
- * Copyright (C) 2001-2010 Openbravo S.L.U.
+ * Copyright (C) 2001-2014 Openbravo S.L.U.
  * Licensed under the Apache Software License version 2.0
  * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
  * Unless required by applicable law or agreed to  in writing,  software  distributed
@@ -46,9 +46,11 @@
   }
 
   public static String replaceJS(String strIni, boolean isUnderQuotes) {
-    return Replace.replace(Replace.replace(Replace.replace(
-        Replace.replace(strIni, "'", (isUnderQuotes ? "\\'" : "&#039;")), "\"", "\\\""), "\n",
-        "\\n"), "\r", "");
+    return Replace
+        .replace(
+            Replace.replace(Replace.replace(
+                Replace.replace(strIni, "'", (isUnderQuotes ? "\\'" : "&#039;")), "\"", "\\\""),
+                "\n", "\\n"), "\r", "").replace("<", "\\<").replace(">", "\\>");
   }
 
   public static String sha1Base64(String text) throws ServletException {
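Review bot: The added `.replace("<", "\\<").replace(">", "\\>")` at the end of replaceJS leaves the literal `<` and `>` characters in the output, so the escaping only holds for a JavaScript string parser; an HTML parser reading an inline script block or an attribute value still sees the angle bracket. Emitting them as JavaScript Unicode escapes takes the characters out of the markup altogether: `.replace("<", "\\u003c").replace(">", "\\u003e")`. Separately, the chain never escapes the backslash itself, so a backslash already present in strIni can cancel the escape placed before a quote; escaping it as the innermost step, `Replace.replace(strIni, "\\", "\\\\")`, would close that, provided callers do not already pre-escape their input. The new calls are also String.replace invoked on the result of Replace.replace, which would throw if that helper returns null for a null strIni; its behaviour is not visible in this hunk, so a null guard or a Javadoc line stating the contract would help.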