fix(jans-auth-server): escape login_hint before rendering
yuriyz committed Mar 31, 2022
1 parent 2f2f82c commit e1a682a
Showing 2 changed files with 2 additions and 2 deletions.
@@ -49,6 +49,7 @@
import io.jans.util.StringHelper;
import io.jans.util.ilocale.LocaleUtil;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.apache.logging.log4j.util.Strings;
import org.slf4j.Logger;

@@ -735,7 +736,7 @@ public String getLoginHint() {
}

public void setLoginHint(String loginHint) {
this.loginHint = loginHint;
this.loginHint = StringEscapeUtils.escapeEcmaScript(loginHint);
}

public String getAcrValues() {
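Review bot: Escaping inside `setLoginHint` stores a JavaScript-encoded string in the field, so every caller of `getLoginHint()` receives the altered value, not only the page script; a hint such as `o'brien@example.com` would come back as `o\'brien@example.com`, and a value that passes through the setter twice is escaped twice. `escapeEcmaScript` is also specific to a JS string-literal context and leaves `<`, `>` and `&` unchanged, so if the hint is also written into HTML markup (the rendering sink is not visible in this hunk) that output still needs HTML encoding. I would keep the setter as `this.loginHint = loginHint;` and apply the context-appropriate encoder where the value is emitted. If it must stay here, add a comment on the setter such as `// stored JS-escaped for the login page script; do not reuse for HTML output or redirects`. `getLoginHint` starts above this hunk, so other readers of the field could not be checked from here.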
1 change: 0 additions & 1 deletion jans-auth-server/server/src/main/webapp/login.xhtml
@@ -7,7 +7,6 @@
template="/WEB-INF/incl/layout/login-template.xhtml">
<f:metadata>
<f:viewAction action="#{authenticator.prepareAuthenticationForStep}" />
<f:viewParam name="login_hint" value="#{authorizeAction.loginHint}" />
</f:metadata>
<ui:define name="head">
<meta name="description" content="Gluu, Inc." />
