diff --git a/geowebcache/core/src/main/java/org/geowebcache/GeoWebCacheDispatcher.java b/geowebcache/core/src/main/java/org/geowebcache/GeoWebCacheDispatcher.java index b8a5a3758..3d155116f 100644 --- a/geowebcache/core/src/main/java/org/geowebcache/GeoWebCacheDispatcher.java +++ b/geowebcache/core/src/main/java/org/geowebcache/GeoWebCacheDispatcher.java @@ -14,6 +14,8 @@ */ package org.geowebcache; +import static org.apache.commons.text.StringEscapeUtils.escapeHtml4; + import java.io.File; import java.io.IOException; import java.io.InputStream; @@ -473,7 +475,7 @@ private void handleFrontPage(HttpServletRequest request, HttpServletResponse res baseUrl = ""; } else { String[] strs = request.getRequestURL().toString().split("/"); - baseUrl = strs[strs.length - 1] + "/"; + baseUrl = escapeHtml4(strs[strs.length - 1]) + "/"; } StringBuilder str = new StringBuilder(); @@ -576,10 +578,10 @@ private void appendStorageLocations(StringBuilder str) { LOG.log(Level.SEVERE, "Could not find local cache location", ex); } str.append("
").append(gridSetName); buf.append(" | OpenLayers: [");
@@ -206,8 +210,8 @@ private static void tableRows(
.map(
type ->
generateDemoUrl(
- layer.getName(),
- gridSubset.getName(),
+ escapedLayerName,
+ escapeHtml4(gridSubset.getName()),
type))
.collect(Collectors.joining(", ")));
@@ -240,12 +244,12 @@ private static void outputKMLSupport(StringBuffer buf, TileLayer layer) {
if (type == XMLMime.kmz) {
return String.format(
"kmz",
- prefix, layer.getName());
+ prefix, escapeHtml4(layer.getName()));
} else {
return String.format(
"%s",
prefix,
- layer.getName(),
+ escapeHtml4(layer.getName()),
type.getFileExtension(),
type.getFileExtension());
}
@@ -288,9 +292,9 @@ private static String generateHTML(TileLayer layer, String gridSetStr, String fo
buf.append("\n");
buf.append("\n" + " |