*) Safer way to avoid XSS in wiki (edit & preview).

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@1761 6c8d7289-2bf4-0310-a012-ef5d649a1542

htroot/Wiki.java

@@ -118,7 +118,7 @@ public class Wiki {
             try {
                 prop.put("mode", 1); //edit
                 prop.put("mode_author", author);
-                prop.put("mode_page-code", new String(page.page(), "UTF-8").replaceAll("</textarea>","<&#047;textarea>"));
+                prop.put("mode_page-code", new String(page.page(), "UTF-8").replaceAll("<","&lt;").replaceAll(">","&gt;"));
                 prop.put("mode_pagename", pagename);
             } catch (UnsupportedEncodingException e) {}
         }
@@ -132,7 +132,7 @@ public class Wiki {
             prop.put("mode_author", author);
             prop.put("mode_date", dateString(new Date()));
             prop.put("mode_page", wikiTransformer.transform(post.get("content", "")));
-            prop.put("mode_page-code", post.get("content", "").replaceAll("</textarea>","<&#047;textarea>"));
+            prop.put("mode_page-code", post.get("content", "").replaceAll("<","&lt;").replaceAll(">","&gt;"));
         }
         //end contrib of [MN]