author | Micael Karlberg <[email protected]> | 2011-10-25 12:34:56 +0200 |
---|---|---|
committer | Micael Karlberg <[email protected]> | 2011-10-25 12:34:56 +0200 |
commit | f9060599aeab81cb9282ddf51cc057bf1353208f (patch) | |
tree | 578dd77bf0511cf8b6575e4161da8a05efc57807 /lib/inets/src/http_lib | |
parent | 801ec3847e330b7d67b1e4ae700211380da0d6bd (diff) | |
The XSS prevention methods used were confused if the
URL was encoded (hex-encoded).
OTP-9655
Diffstat (limited to 'lib/inets/src/http_lib')
-rw-r--r-- | lib/inets/src/http_lib/http_util.erl | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/inets/src/http_lib/http_util.erl b/lib/inets/src/http_lib/http_util.erl
index be0602ff6e..5d8cb9365d 100644
--- a/lib/inets/src/http_lib/http_util.erl
+++ b/lib/inets/src/http_lib/http_util.erl
@@ -190,9 +190,8 @@ timeout(Timeout, Started) ->
 html_encode(Chars) ->
 Reserved = sets:from_list([$&, $<, $>, $\", $', $/]),
- lists:append(lists:map(fun(Char) ->
- char_to_html_entity(Char, Reserved)
- end, Chars)).
+ lists:append([char_to_html_entity(Char, Reserved) || Char <- Chars]).
+
 %%%======================================================================== |
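Review bot: html_encode/1 has no comment stating its input contract, and that contract is the security-relevant part of this commit. The function escapes only the literal characters in `Reserved`, so a percent-encoded form of one of them presumably passes through unchanged (char_to_html_entity/2 is outside the hunk) and callers have to decode the URL before encoding it for output. I would add above the function: `%% Escapes the literal characters & < > " ' / only; the caller must percent-decode the input before calling this.` The switch from lists:map/2 to a comprehension looks behaviour-neutral, so the decoding fix described in the commit message must be in a file this diffstat does not show; a regression test that feeds a hex-encoded URL through the error-page path would pin it. As a smaller style point, `Reserved` is rebuilt with sets:from_list/1 on every call and could be replaced by matching the six characters in function clauses.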