From 0b86af585925d0639ff166dc84972bc18f9abada Mon Sep 17 00:00:00 2001
From: anhefti <andreas.hefti@let.ethz.ch>
Date: Thu, 23 Jun 2022 15:26:32 +0200
Subject: [PATCH] fixed security bug

---
 .../java/ch/ethz/seb/sebserver/gui/widget/PasswordInput.java  | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/widget/PasswordInput.java b/src/main/java/ch/ethz/seb/sebserver/gui/widget/PasswordInput.java
index 94d7bbca..fc0965be 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gui/widget/PasswordInput.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/widget/PasswordInput.java
@@ -97,7 +97,9 @@ public class PasswordInput extends Composite {
                 SWT.LEFT | SWT.BORDER | (buildPassword ? SWT.PASSWORD : SWT.NONE));
         final GridData gridData = new GridData(SWT.FILL, SWT.FILL, true, true);
         passwordInput.setLayoutData(gridData);
-        passwordInput.setText(value != null ? value : StringUtils.EMPTY);
+        passwordInput.setText(value != null
+                ? Utils.escapeHTML_XML_EcmaScript(value)
+                : StringUtils.EMPTY);
         if (!buildPassword) {
             passwordInput.setEditable(false);
         } else {