Fixed XSS in Internal Error page

Adding a </pre><xss> to an URL that triggered an internal error could be used to facilitate an XSS attack
2024-11-09 20:31:38 +01:00 · 2021-01-24 10:58:24 +02:00 · 2021-01-24 10:58:24 +02:00 · 5c49e95c7d
commit 5c49e95c7d
parent d8626f37a7
2 changed files with 3 additions and 3 deletions
--- a/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/ResponseFactory.java
+++ b/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/ResponseFactory.java
@ -137,8 +137,8 @@ public class ResponseFactory {
                .build();
    }

-    public Response internalErrorResponse(Throwable e, String s) {
-        return forInternalError(e, s);
+    public Response internalErrorResponse(Throwable e, String cause) {
+        return forInternalError(e, cause);
    }

    public Response networkPageResponse() {
--- a/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/ResponseResolver.java
+++ b/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/ResponseResolver.java
@ -146,7 +146,7 @@ public class ResponseResolver {
            throw e; // Pass along
        } catch (Exception e) {
            errorLogger.log(L.ERROR, e, ErrorContext.builder().related(request).build());
-            return responseFactory.internalErrorResponse(e, request.getPath().asString());
+            return responseFactory.internalErrorResponse(e, "Failed to get a response");
        }
    }