From 98fd9df4c4a04554fd2f707ca9ea2d674fad984d Mon Sep 17 00:00:00 2001
From: Micael Karlberg <bmk@erlang.org>
Date: Thu, 15 Sep 2011 09:43:48 +0200
Subject: Updated http-server to make sure URLs in error-messages are
 URL-encoded. Added support in http-client to use URL-encoding. Also added the
 missing include directory for the inets application.

OTP-8940

[httpd] Prevent XSS in error pages.
Prevent user controlled input from being interpreted
as HTML in error pages by encoding the reserved HTML
characters.
Michael Santos

OTP-9124
---
 lib/inets/doc/src/http_client.xml |  6 +++---
 lib/inets/doc/src/httpd.xml       |  4 ++--
 lib/inets/doc/src/notes.xml       | 31 +++++++++++++++++++++++++++++--
 3 files changed, 34 insertions(+), 7 deletions(-)

(limited to 'lib/inets/doc')

diff --git a/lib/inets/doc/src/http_client.xml b/lib/inets/doc/src/http_client.xml
index ea8053cafa..49327ca80f 100644
--- a/lib/inets/doc/src/http_client.xml
+++ b/lib/inets/doc/src/http_client.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE chapter SYSTEM "chapter.dtd">
 
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2010</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -57,7 +57,7 @@
       [{inets, [{services, [{httpc, PropertyList}]}]}]
     </pre>
     <p>For valid properties see 
-    <seealso marker="http">httpc(3)</seealso>. </p>
+    <seealso marker="httpc">httpc(3)</seealso>. </p>
   </section>
 
   <section>
diff --git a/lib/inets/doc/src/httpd.xml b/lib/inets/doc/src/httpd.xml
index 7dabeb33e9..f061488ac3 100644
--- a/lib/inets/doc/src/httpd.xml
+++ b/lib/inets/doc/src/httpd.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml
index 9ab35ff38b..ffbe4bd58f 100644
--- a/lib/inets/doc/src/notes.xml
+++ b/lib/inets/doc/src/notes.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE chapter SYSTEM "chapter.dtd">
 
 <chapter>
   <header>
     <copyright>
-      <year>2002</year><year>2010</year>
+      <year>2002</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -32,6 +32,33 @@
     <file>notes.xml</file>
   </header>
   
+  <section><title>Inets 5.3.5</title>
+  
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>Updated http-server to make sure URLs in error-messages
+          are URL-encoded. Added support in http-client to use
+          URL-encoding. Also added the missing include directory
+          for the inets application.</p>
+          <p>Own Id: OTP-8940</p>
+          <p>Aux Id: seq11735</p>
+        </item>
+
+        <item>
+          <p>[httpd] Prevent XSS in error pages.
+          Prevent user controlled input from being interpreted 
+          as HTML in error pages by encoding the reserved HTML 
+          characters. </p>
+          <p>Michael Santos</p>
+          <p>Own Id: OTP-9124</p>
+        </item>
+      </list>
+    </section>
+  
+  </section> <!-- 5.3.5 -->
+
+
   <section><title>Inets 5.3.4</title>
 
     <section><title>Improvements and New Features</title>
-- 
cgit v1.2.3