From 930bd4a5f6c587489b6a39eb0184996cf80da654 Mon Sep 17 00:00:00 2001
From: low012
Date: Fri, 24 Feb 2006 16:24:53 +0000
Subject: [PATCH] *) Safer way to avoid XSS in wiki (edit & preview).
git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@1761 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
 htroot/Wiki.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/htroot/Wiki.java b/htroot/Wiki.java
index c92f06f24..20d7b8651 100644
--- a/htroot/Wiki.java
+++ b/htroot/Wiki.java
@@ -118,7 +118,7 @@ public class Wiki {
 try {
 prop.put("mode", 1); //edit
 prop.put("mode_author", author);
- prop.put("mode_page-code", new String(page.page(), "UTF-8").replaceAll("","</textarea>"));
+ prop.put("mode_page-code", new String(page.page(), "UTF-8").replaceAll("<","<").replaceAll(">",">"));
 prop.put("mode_pagename", pagename);
 } catch (UnsupportedEncodingException e) {}
 }
@@ -132,7 +132,7 @@ public class Wiki {
 prop.put("mode_author", author);
 prop.put("mode_date", dateString(new Date()));
 prop.put("mode_page", wikiTransformer.transform(post.get("content", "")));
- prop.put("mode_page-code", post.get("content", "").replaceAll("","</textarea>"));
+ prop.put("mode_page-code", post.get("content", "").replaceAll("<","<").replaceAll(">",">"));
 } //end contrib of [MN]
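Review bot: The new escaping of `mode_page-code` in the first hunk (`@@ -118,7`) handles only `<` and `>` and leaves `&` untouched, so wiki text that already contains an entity such as `&lt;` would be decoded by the browser in the edit field (presumably a textarea, going by the removed line) and come back altered on the next save; the identical chain is repeated in the second hunk (`@@ -132,7`). Assuming the replacement strings are really `&lt;` and `&gt;` (they appear entity-decoded as shown on this page), escape the ampersand first and use literal replacement instead of a regex: `.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")`. Because both call sites need exactly the same chain, a small shared escaping helper would keep them from drifting apart. In the second hunk `mode_page` still receives the raw `post.get("content", "")` through `wikiTransformer.transform`, and `mode_author` and `mode_pagename` are stored as-is; whether those values are escaped elsewhere is not visible in this diff and should be confirmed. Both hunks lie inside a method whose start and end are outside the hunks.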