zervo/seb-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix security issue Checkmarx

Browse source
This commit is contained in:
anhefti 2022-02-10 12:20:14 +01:00
parent 9e4ed72640
commit cfebca5270
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/main/java/ch/ethz/seb/sebserver/gui/widget/PasswordInput.java
View file

@ -19,6 +19,7 @@ import org.eclipse.swt.widgets.Event;
import org.eclipse.swt.widgets.Text;
import ch.ethz.seb.sebserver.gbl.Constants;
import ch.ethz.seb.sebserver.gbl.util.Utils;
import ch.ethz.seb.sebserver.gui.service.i18n.LocTextKey;
import ch.ethz.seb.sebserver.gui.service.page.PageService;
@ -138,7 +139,9 @@ public class PasswordInput extends Composite {
public void setValue(final CharSequence value) {
if (this.passwordInputField != null) {
this.passwordInputField.setText(value != null ? value.toString() : StringUtils.EMPTY);
this.passwordInputField.setText(value != null
? Utils.escapeHTML_XML_EcmaScript(value.toString())
: StringUtils.EMPTY);
if (StringUtils.endsWith(value, Constants.IMPORTED_PASSWORD_MARKER)) {
this.visibilityButton.setEnabled(false);
}