Skip to content

Commit

Permalink
fix: Escape the display name. (#593)
Browse files Browse the repository at this point in the history
  • Loading branch information
@bgrozev
bgrozev authored Sep 22, 2020
1 parent a382d32 commit d7c66dc
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/main/java/org/jitsi/jicofo/auth/ShibbolethHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
*/
package org.jitsi.jicofo.auth;

import com.google.common.html.*;
import org.eclipse.jetty.server.*;
import org.eclipse.jetty.server.handler.*;

Expand Down Expand Up @@ -240,7 +241,7 @@ private void doHandle(
boolean close = "true".equalsIgnoreCase(request.getParameter("close"));

responseWriter.println("<html><head><head/><body>");
responseWriter.println("<h1>Hello " + displayName + "!<h1/>");
responseWriter.println("<h1>Hello " + HtmlEscapers.htmlEscaper().escape(displayName) + "!<h1/>");
if (!close)
{
responseWriter.println(
Expand Down

0 comments on commit d7c66dc

Please sign in to comment.