*) Fixed another XSS vulnerability. By adding </textarea>[add nasty text/commands here] it was possible to mess up the edit and the preview page.

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@1756 6c8d7289-2bf4-0310-a012-ef5d649a1542

htroot/Wiki.java

@@ -118,7 +118,7 @@ public class Wiki {
             try {
                 prop.put("mode", 1); //edit
                 prop.put("mode_author", author);
-                prop.put("mode_page-code", new String(page.page(), "UTF-8"));
+                prop.put("mode_page-code", new String(page.page(), "UTF-8").replaceAll("</textarea>","<&#047;textarea>"));
                 prop.put("mode_pagename", pagename);
             } catch (UnsupportedEncodingException e) {}
         }
@@ -132,7 +132,7 @@ public class Wiki {
             prop.put("mode_author", author);
             prop.put("mode_date", dateString(new Date()));
             prop.put("mode_page", wikiTransformer.transform(post.get("content", "")));
-            prop.put("mode_page-code", post.get("content", ""));
+            prop.put("mode_page-code", post.get("content", "").replaceAll("</textarea>","<&#047;textarea>"));
         }
         //end contrib of [MN]