authorMicael Karlberg <[email protected]>2011-10-25 12:34:56 +0200
committerMicael Karlberg <[email protected]>2011-10-25 12:34:56 +0200
commitf9060599aeab81cb9282ddf51cc057bf1353208f (patch)
tree578dd77bf0511cf8b6575e4161da8a05efc57807 /lib/inets/src/http_lib
parent801ec3847e330b7d67b1e4ae700211380da0d6bd (diff)
The XSS prevention methods used were confused if the
URL was encoded (hex-encoded). OTP-9655
Diffstat (limited to 'lib/inets/src/http_lib')
-rw-r--r--lib/inets/src/http_lib/http_util.erl5
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/inets/src/http_lib/http_util.erl b/lib/inets/src/http_lib/http_util.erl
index be0602ff6e..5d8cb9365d 100644
--- a/lib/inets/src/http_lib/http_util.erl
+++ b/lib/inets/src/http_lib/http_util.erl
@@ -190,9 +190,8 @@ timeout(Timeout, Started) ->
html_encode(Chars) ->
Reserved = sets:from_list([$&, $<, $>, $\", $', $/]),
- lists:append(lists:map(fun(Char) ->
- char_to_html_entity(Char, Reserved)
- end, Chars)).
+ lists:append([char_to_html_entity(Char, Reserved) || Char <- Chars]).
+
%%%========================================================================