Util: Allow backslash in XSS filter on Windows

zzz
2018-02-06 21:52:02 +00:00
parent 172f0c9d95
commit b013173c86


@@ -13,13 +13,17 @@ import javax.servlet.http.HttpServletRequestWrapper;
import net.i2p.I2PAppContext;
import net.i2p.util.Log;
import net.i2p.util.SystemVersion;
/**
* @since 0.9.14
*/
public class XSSRequestWrapper extends HttpServletRequestWrapper {
// Adapted from https://owasp-esapi-java.googlecode.com/svn/trunk/configuration/esapi/ESAPI.properties
private static final Pattern parameterValuePattern = Pattern.compile("^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n]*$");
private static final String NON_WIN_PATTERN = "^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n]*$";
// Same as above but with backslash for file paths
private static final String WIN_PATTERN = "^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n\\\\]*$";
private static final Pattern parameterValuePattern = Pattern.compile(SystemVersion.isWindows() ? WIN_PATTERN : NON_WIN_PATTERN);
private static final Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$");
private static final String NOFILTER = "nofilter_";
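Review bot: On Windows the backslash is now accepted in every filtered parameter, not only those that hold file paths, because `parameterValuePattern` is selected once from `SystemVersion.isWindows()` and WIN_PATTERN widens the whole allow-list. The code that applies the pattern is outside this hunk, so this is not confirmed here, but any consumer that writes a parameter into a JavaScript string literal or resolves it as a file path now has to handle `\` (including `..\` sequences) itself. The comment above WIN_PATTERN should record that, e.g. `// Windows only: also allows backslash for file paths; callers must still escape for the output context and canonicalize paths`. As a style point, the two pattern strings repeat the full character class and can drift apart; building both from one shared character-class constant would keep them in sync.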