Skip to content

Commit aaf08f5

Browse files
michaeloffnermichaeloffner
committed
add angle bracket escaping to Custom XPath encoder
1 parent 2de0164 commit aaf08f5

File tree

1 file changed

+6
-0
lines changed

1 file changed

+6
-0
lines changed

source/java/src/org/lucee/extension/guard/CustomEncoder.java

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,12 @@ public static String encodeForXPath(String input) {
6868
case '\"':
6969
sb.append(""");
7070
break;
71+
case '<':
72+
sb.append("&lt;");
73+
break; // Add this
74+
case '>':
75+
sb.append("&gt;");
76+
break; // Add this
7177
default:
7278
if (c < 32 || c > 126) {
7379
sb.append('\\').append(Integer.toHexString(c | 0x100).substring(1));

0 commit comments

Comments
 (0)