[httpd] XSS prevention did not work for hex-encoded URL's.

OTP-9655 Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/inets536_integration
author: Micael Karlberg <bmk@erlang.org> 2011-11-01 18:14:58 +0100
committer: Micael Karlberg <bmk@erlang.org> 2011-11-01 18:14:58 +0100
commit: 2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea (patch)
tree: e47f27ddf5c4a2846bbe578e18d9f41b9de10c15 /lib/inets/src/http_lib/http_util.erl
parent: f8b20b4a995727f0339074d23a0fae50712683d2 (diff)
parent: b6719f7943cbaeb10d5121f360f9540db494b639 (diff)
download: otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.tar.gz
otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.tar.bz2
otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/inets/src/http_lib/http_util.erl b/lib/inets/src/http_lib/http_util.erl
index be0602ff6e..5d8cb9365d 100644
--- a/lib/inets/src/http_lib/http_util.erl
+++ b/lib/inets/src/http_lib/http_util.erl
@@ -190,9 +190,8 @@ timeout(Timeout, Started) ->
     
 html_encode(Chars) ->
     Reserved = sets:from_list([$&, $<, $>, $\", $', $/]),
-    lists:append(lists:map(fun(Char) ->
-				   char_to_html_entity(Char, Reserved)
-			   end, Chars)).
+    lists:append([char_to_html_entity(Char, Reserved) || Char <- Chars]).
+
 
 
 %%%========================================================================
author	Micael Karlberg <bmk@erlang.org>	2011-11-01 18:14:58 +0100
committer	Micael Karlberg <bmk@erlang.org>	2011-11-01 18:14:58 +0100
commit	2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea (patch)
tree	e47f27ddf5c4a2846bbe578e18d9f41b9de10c15 /lib/inets/src/http_lib/http_util.erl
parent	f8b20b4a995727f0339074d23a0fae50712683d2 (diff)
parent	b6719f7943cbaeb10d5121f360f9540db494b639 (diff)
download	otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.tar.gz otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.tar.bz2 otp-2da7b99f186e7a8f9a74b1c7aa60b1354cbc31ea.zip