From f9060599aeab81cb9282ddf51cc057bf1353208f Mon Sep 17 00:00:00 2001
From: Micael Karlberg
Date: Tue, 25 Oct 2011 12:34:56 +0200
Subject: The XSS prevention methods used was confused if the URL was encoded (hex-encoded). OTP-9655
---
 lib/inets/src/http_lib/http_util.erl | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'lib/inets/src/http_lib')
diff --git a/lib/inets/src/http_lib/http_util.erl b/lib/inets/src/http_lib/http_util.erl
index be0602ff6e..5d8cb9365d 100644
--- a/lib/inets/src/http_lib/http_util.erl
+++ b/lib/inets/src/http_lib/http_util.erl
@@ -190,9 +190,8 @@ timeout(Timeout, Started) ->
 html_encode(Chars) ->
 Reserved = sets:from_list([$&, $<, $>, $\", $', $/]),
- lists:append(lists:map(fun(Char) ->
- char_to_html_entity(Char, Reserved)
- end, Chars)).
+ lists:append([char_to_html_entity(Char, Reserved) || Char <- Chars]).
+
 %%%========================================================================
-- cgit v1.2.3
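Review bot: html_encode/1 as rewritten here still escapes only the literal characters `&`, `<`, `>`, `"`, `'` and `/`, so the hex-encoded-URL case named in the subject is not handled in this hunk. The list comprehension is behaviour-equivalent to the removed lists:map/2 call. The decoding presumably happens in a caller outside this path-limited view, so the ordering is a contract worth stating above the function: `%% Chars must already be percent-decoded; "%3C" is returned unchanged and becomes "<" if it is decoded afterwards.` A regression test that sends a percent-encoded reserved character through the request path and checks the escaped output would pin that ordering. The second added line appears to add only another blank line before the section banner and can be dropped; char_to_html_entity/2 is defined outside the hunk.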