diff options
| author | Micael Karlberg <[email protected]> | 2011-09-15 09:43:48 +0200 |
|---|---|---|
| committer | Micael Karlberg <[email protected]> | 2011-09-15 09:43:48 +0200 |
| commit | 98fd9df4c4a04554fd2f707ca9ea2d674fad984d (patch) | |
| tree | 8861e1e85f352d828cf31f0690feaae63c0088bd /lib/inets/doc | |
| parent | 50261525973798faf7f62ea02356447b16e5fc56 (diff) | |
| download | otp-98fd9df4c4a04554fd2f707ca9ea2d674fad984d.tar.gz otp-98fd9df4c4a04554fd2f707ca9ea2d674fad984d.tar.bz2 otp-98fd9df4c4a04554fd2f707ca9ea2d674fad984d.zip | |
Updated http-server to make sure URLs in error-messages
are URL-encoded. Added support in http-client to use
URL-encoding. Also added the missing include directory
for the inets application.
OTP-8940
[httpd] Prevent XSS in error pages.
Prevent user controlled input from being interpreted
as HTML in error pages by encoding the reserved HTML
characters.
Michael Santos
OTP-9124
Diffstat (limited to 'lib/inets/doc')
| -rw-r--r-- | lib/inets/doc/src/http_client.xml | 6 | ||||
| -rw-r--r-- | lib/inets/doc/src/httpd.xml | 4 | ||||
| -rw-r--r-- | lib/inets/doc/src/notes.xml | 31 |
3 files changed, 34 insertions, 7 deletions
diff --git a/lib/inets/doc/src/http_client.xml b/lib/inets/doc/src/http_client.xml index ea8053cafa..49327ca80f 100644 --- a/lib/inets/doc/src/http_client.xml +++ b/lib/inets/doc/src/http_client.xml @@ -1,10 +1,10 @@ -<?xml version="1.0" encoding="latin1" ?> +<?xml version="1.0" encoding="iso-8859-1" ?> <!DOCTYPE chapter SYSTEM "chapter.dtd"> <chapter> <header> <copyright> - <year>2004</year><year>2010</year> + <year>2004</year><year>2011</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -57,7 +57,7 @@ [{inets, [{services, [{httpc, PropertyList}]}]}] </pre> <p>For valid properties see - <seealso marker="http">httpc(3)</seealso>. </p> + <seealso marker="httpc">httpc(3)</seealso>. </p> </section> <section> diff --git a/lib/inets/doc/src/httpd.xml b/lib/inets/doc/src/httpd.xml index 7dabeb33e9..f061488ac3 100644 --- a/lib/inets/doc/src/httpd.xml +++ b/lib/inets/doc/src/httpd.xml @@ -1,10 +1,10 @@ -<?xml version="1.0" encoding="latin1" ?> +<?xml version="1.0" encoding="iso-8859-1" ?> <!DOCTYPE erlref SYSTEM "erlref.dtd"> <erlref> <header> <copyright> - <year>1997</year><year>2010</year> + <year>1997</year><year>2011</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml index 9ab35ff38b..ffbe4bd58f 100644 --- a/lib/inets/doc/src/notes.xml +++ b/lib/inets/doc/src/notes.xml @@ -1,10 +1,10 @@ -<?xml version="1.0" encoding="latin1" ?> +<?xml version="1.0" encoding="iso-8859-1" ?> <!DOCTYPE chapter SYSTEM "chapter.dtd"> <chapter> <header> <copyright> - <year>2002</year><year>2010</year> + <year>2002</year><year>2011</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -32,6 +32,33 @@ <file>notes.xml</file> </header> + <section><title>Inets 5.3.5</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p>Updated http-server to make sure URLs in error-messages + are URL-encoded. Added support in http-client to use + URL-encoding. Also added the missing include directory + for the inets application.</p> + <p>Own Id: OTP-8940</p> + <p>Aux Id: seq11735</p> + </item> + + <item> + <p>[httpd] Prevent XSS in error pages. + Prevent user controlled input from being interpreted + as HTML in error pages by encoding the reserved HTML + characters. </p> + <p>Michael Santos</p> + <p>Own Id: OTP-9124</p> + </item> + </list> + </section> + + </section> <!-- 5.3.5 --> + + <section><title>Inets 5.3.4</title> <section><title>Improvements and New Features</title> |