зеркало из https://github.com/github/codeql.git
Merge pull request #17837 from smowton/smowton/admin/trim-java-web-jsp-test
Java: Trim JSP test
Коммит
fa4cc83753
|
@ -54,30 +54,6 @@
|
||||||
<type>pom</type>
|
<type>pom</type>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
|
||||||
<!-- Spring Web MVC (Include Tag Lib) -->
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.springframework</groupId>
|
|
||||||
<artifactId>spring-webmvc</artifactId>
|
|
||||||
<version>${spring.version}</version>
|
|
||||||
<type>jar</type>
|
|
||||||
</dependency>
|
|
||||||
|
|
||||||
|
|
||||||
<!-- OWASP Java Encoder -->
|
|
||||||
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.owasp.encoder</groupId>
|
|
||||||
<artifactId>encoder</artifactId>
|
|
||||||
<version>1.2</version>
|
|
||||||
</dependency>
|
|
||||||
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.owasp.encoder</groupId>
|
|
||||||
<artifactId>encoder-jsp</artifactId>
|
|
||||||
<version>1.2</version>
|
|
||||||
</dependency>
|
|
||||||
|
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
<profiles>
|
<profiles>
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
This page should be private.
|
|
|
@ -1,6 +0,0 @@
|
||||||
<i>Psst <a href="?secret_param=../WEB-INF/secret.jsp">click me</a> or <a href="?secret_param=../WEB-INF/web.xml">click me</a>!</i>
|
|
||||||
<br/><br/>
|
|
||||||
|
|
||||||
|
|
||||||
<%@include file="${param.secret_param}.jsp"%> <!-- Safe will be evaluate as literal -->
|
|
||||||
<%-- This line doesn't compile in weblogic --%>
|
|
|
@ -1,9 +0,0 @@
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
|
|
||||||
<i>Psst <a href="?secret_param=../WEB-INF/secret.jsp">click me</a> or <a href="?secret_param=../WEB-INF/web.xml">click me</a>!</i>
|
|
||||||
<br/><br/>
|
|
||||||
|
|
||||||
|
|
||||||
<c:if test="${param.secret_param != null}">
|
|
||||||
<c:import url="${param.secret_param}" />
|
|
||||||
</c:if>
|
|
|
@ -1,45 +0,0 @@
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Embedded Jetty: JSP Examples</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<h1>Vulnerable JSP pages</h1>
|
|
||||||
|
|
||||||
<h2>XSS</h2>
|
|
||||||
<ul>
|
|
||||||
<li><a href="/xss/xss0.jsp">XSS 0</a></li>
|
|
||||||
<li><a href="/xss/xss1.jsp">XSS 1</a></li>
|
|
||||||
<li><a href="/xss/xss2.jsp">XSS 2</a></li>
|
|
||||||
<li><a href="/xss/xss3.jsp">XSS 3</a></li>
|
|
||||||
<li><a href="/xss/xss4.jsp">XSS 4</a></li>
|
|
||||||
<li><a href="/xss/xss5.jsp">XSS 5</a></li>
|
|
||||||
</ul>
|
|
||||||
|
|
||||||
<h2>XML parsing</h2>
|
|
||||||
<ul>
|
|
||||||
<li><a href="/xml/xml1.jsp?xml=<stock><symbol>TKM%3C%2Fsymbol>%3C%2Fstock>">XML 1</a></li>
|
|
||||||
<li><a href="/xml/xml2.jsp">XML 2</a></li>
|
|
||||||
</ul>
|
|
||||||
|
|
||||||
<h2>XSLT</h2>
|
|
||||||
<ul>
|
|
||||||
<li><a href='/xsl/xsl1.jsp?xml=<stock><symbol>TKM%3C%2Fsymbol>%3C%2Fstock>&xslt=%3Cxsl%3Astylesheet%20version%3D"1.0"%0A%20xmlns%3Axsl%3D"http%3A%2F%2Fwww.w3.org%2F1999%2FXSL%2FTransform"%20%20%20%20%20%20%20%20%20%0A%20xmlns%3Art%3D"http%3A%2F%2Fxml.apache.org%2Fxalan%2Fjava%2Fjava.lang.Runtime"%0A%20exclude-result-prefixes%3D"date">%0A%20%20%20%20%20%20%20%20%3Cxsl%3Aoutput%20method%3D"text"%2F>%0A%20%20%20%20%20%20%20%20%3Cxsl%3Atemplate%20match%3D"%2F">%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Cxsl%3Atext>Quote%20requested%20for%3A%20%3C%2Fxsl%3Atext>%3Cblink>%3Cxsl%3Avalue-of%20select%3D"stock%2Fsymbol"%2F>%3C%2Fblink>%0A%20%20%20%20%20%20%20%20%3C%2Fxsl%3Atemplate>%0A%3C%2Fxsl%3Astylesheet>'>XSL 1</a></li>
|
|
||||||
<li><a href='/xsl/xsl2.jsp?xslt=%3Cxsl%3Astylesheet%20version%3D"1.0"%0A%20xmlns%3Axsl%3D"http%3A%2F%2Fwww.w3.org%2F1999%2FXSL%2FTransform"%20%20%20%20%20%20%20%20%20%0A%20xmlns%3Art%3D"http%3A%2F%2Fxml.apache.org%2Fxalan%2Fjava%2Fjava.lang.Runtime"%0A%20exclude-result-prefixes%3D"date">%0A%20%20%20%20%20%20%20%20%3Cxsl%3Aoutput%20method%3D"text"%2F>%0A%20%20%20%20%20%20%20%20%3Cxsl%3Atemplate%20match%3D"%2F">%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Cxsl%3Atext>Quote%20requested%20for%3A%20%3C%2Fxsl%3Atext>%3Cblink>%3Cxsl%3Avalue-of%20select%3D"stock%2Fsymbol"%2F>%3C%2Fblink>%0A%20%20%20%20%20%20%20%20%3C%2Fxsl%3Atemplate>%0A%3C%2Fxsl%3Astylesheet>'>XSL 2</a></li>
|
|
||||||
<li><a href='/xsl/xsl3.jsp?xml=<stock><symbol>TKM%3C%2Fsymbol>%3C%2Fstock>'>XSL 3</a></li>
|
|
||||||
<li><a href='/xsl/xsl4.jsp'>XSL 4</a></li>
|
|
||||||
</ul>
|
|
||||||
|
|
||||||
<h2>Various JSP samples </h2>
|
|
||||||
<ul>
|
|
||||||
<li><a href="test/dump.jsp">JSP 1.2 embedded java</a></li>
|
|
||||||
<li><a href="test/bean1.jsp">JSP 1.2 Bean demo</a></li>
|
|
||||||
<li><a href="test/tag.jsp">JSP 1.2 BodyTag demo</a></li>
|
|
||||||
<li><a href="test/tag2.jsp">JSP 2.0 SimpleTag demo</a></li>
|
|
||||||
<li><a href="test/tagfile.jsp">JSP 2.0 Tag File demo</a></li>
|
|
||||||
<li><a href="test/expr.jsp?A=1">JSP 2.0 Tag Expression</a></li>
|
|
||||||
<li><a href="test/jstl.jsp">JSTL Expression</a></li>
|
|
||||||
<li><a href="test/foo/">Mapping to <jsp-file></a></li>
|
|
||||||
<li><a href="date/">Servlet Forwarding to JSP demo</a></li>
|
|
||||||
</ul>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,3 +0,0 @@
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
|
|
||||||
<c:out value="${param.test_param}" escapeXml="true"/>
|
|
|
@ -1,3 +0,0 @@
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
|
|
||||||
<c:out value="${param.test_param}" escapeXml="false"/>
|
|
|
@ -1,20 +0,0 @@
|
||||||
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
|
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
|
|
||||||
|
|
||||||
<form method="get" action="">
|
|
||||||
<input type="text" name="expression" value="1+1"> <input type="submit" value="test">
|
|
||||||
</form>
|
|
||||||
|
|
||||||
|
|
||||||
<c:set var="expression" value="${param.expression}" scope="request" />
|
|
||||||
Evaluating ("${expression}") : <c:out value="${expression}" /><br/>
|
|
||||||
<br/>
|
|
||||||
|
|
||||||
<c:if test="${expression != null}">
|
|
||||||
Output:
|
|
||||||
<pre style="background-color:#CCC">
|
|
||||||
<spring:eval expression="${expression}" var="results" />
|
|
||||||
<c:out value="${results}" />
|
|
||||||
</pre>
|
|
||||||
</c:if>
|
|
|
@ -1,20 +0,0 @@
|
||||||
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
|
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
|
|
||||||
|
|
||||||
Change the language:
|
|
||||||
<form method="get" action="">
|
|
||||||
<input type="text" name="lang" value="1+1"> <input type="submit" value="test">
|
|
||||||
</form>
|
|
||||||
|
|
||||||
Evaluating ("${param.lang}") : <c:out value="${param.lang}" /><br/>
|
|
||||||
<br/>
|
|
||||||
|
|
||||||
|
|
||||||
<c:if test="${param.lang != null}">
|
|
||||||
Output:
|
|
||||||
<pre style="background-color:#CCC">
|
|
||||||
<spring:eval expression="${param.lang}" var="results" />
|
|
||||||
<c:out value="${results}" />
|
|
||||||
</pre>
|
|
||||||
</c:if>
|
|
|
@ -1,20 +0,0 @@
|
||||||
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
|
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
|
|
||||||
|
|
||||||
Value is YOLO ?:
|
|
||||||
<form method="get" action="">
|
|
||||||
<input type="text" name="value" value="1+1"> <input type="submit" value="test">
|
|
||||||
</form>
|
|
||||||
|
|
||||||
Evaluating ("'${param.value}'=='YOLO'") : <c:out value="${param.value}" /><br/>
|
|
||||||
<br/>
|
|
||||||
|
|
||||||
|
|
||||||
<c:if test="${param.value != null}">
|
|
||||||
Output:
|
|
||||||
<pre style="background-color:#CCC">
|
|
||||||
<spring:eval expression="'${param.value}'=='YOLO'" var="results" />
|
|
||||||
<c:out value="${results}" />
|
|
||||||
</pre>
|
|
||||||
</c:if>
|
|
|
@ -1,20 +0,0 @@
|
||||||
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
|
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
|
|
||||||
|
|
||||||
Set some value :
|
|
||||||
<form method="get" action="">
|
|
||||||
<input type="text" name="value" value="1+1"> <input type="submit" value="test">
|
|
||||||
</form>
|
|
||||||
|
|
||||||
Evaluating ("param.value") : <c:out value="${param.value}" /><br/>
|
|
||||||
<br/>
|
|
||||||
|
|
||||||
|
|
||||||
<c:if test="${param.value != null}">
|
|
||||||
Output:
|
|
||||||
<pre style="background-color:#CCC">
|
|
||||||
<spring:eval expression="param.value" var="results" />
|
|
||||||
<c:out value="${results}" />
|
|
||||||
</pre>
|
|
||||||
</c:if>
|
|
|
@ -1,15 +0,0 @@
|
||||||
<html>
|
|
||||||
<%@ page session="true"%>
|
|
||||||
<body>
|
|
||||||
<jsp:useBean id='counter' scope='session' class='com.acme.Counter' type="com.acme.Counter" />
|
|
||||||
|
|
||||||
<h1>JSP1.2 Beans: 1</h1>
|
|
||||||
|
|
||||||
Counter accessed <jsp:getProperty name="counter" property="count"/> times.<br/>
|
|
||||||
Counter last accessed by <jsp:getProperty name="counter" property="last"/><br/>
|
|
||||||
<jsp:setProperty name="counter" property="last" value="<%= request.getRequestURI()%>"/>
|
|
||||||
|
|
||||||
<a href="bean2.jsp">Goto bean2.jsp</a>
|
|
||||||
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,15 +0,0 @@
|
||||||
<html>
|
|
||||||
<%@ page session="true"%>
|
|
||||||
<body>
|
|
||||||
<jsp:useBean id='counter' scope='session' class='com.acme.Counter' type="com.acme.Counter" />
|
|
||||||
|
|
||||||
<h1>JSP1.2 Beans: 2</h1>
|
|
||||||
|
|
||||||
Counter accessed <jsp:getProperty name="counter" property="count"/> times.<br/>
|
|
||||||
Counter last accessed by <jsp:getProperty name="counter" property="last"/><br/>
|
|
||||||
<jsp:setProperty name="counter" property="last" value="<%= request.getRequestURI()%>"/>
|
|
||||||
|
|
||||||
<a href="bean1.jsp">Goto bean1.jsp</a>
|
|
||||||
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,23 +0,0 @@
|
||||||
<html><head>
|
|
||||||
<%@ page import="java.util.Enumeration" %>
|
|
||||||
</head><body>
|
|
||||||
<h1>JSP Dump</h1>
|
|
||||||
|
|
||||||
<table border="1">
|
|
||||||
<tr><th>Request URI:</th><td><%= request.getRequestURI() %></td></tr>
|
|
||||||
<tr><th>ServletPath:</th><td><%= request.getServletPath() %></td></tr>
|
|
||||||
<tr><th>PathInfo:</th><td><%= request.getPathInfo() %></td></tr>
|
|
||||||
|
|
||||||
<%
|
|
||||||
Enumeration e =request.getParameterNames();
|
|
||||||
while(e.hasMoreElements())
|
|
||||||
{
|
|
||||||
String name = (String)e.nextElement();
|
|
||||||
%>
|
|
||||||
<tr>
|
|
||||||
<th>getParameter("<%= name %>")</th>
|
|
||||||
<td><%= request.getParameter(name) %></td></tr>
|
|
||||||
<% } %>
|
|
||||||
|
|
||||||
</table>
|
|
||||||
</body></html>
|
|
|
@ -1,23 +0,0 @@
|
||||||
<html>
|
|
||||||
<h1>JSP2.0 Expressions</h1>
|
|
||||||
|
|
||||||
<table border="1">
|
|
||||||
<tr><th>Expression</th><th>Result</th></tr>
|
|
||||||
<tr>
|
|
||||||
<td>\${param["A"]}</td>
|
|
||||||
<td>${param["A"]} </td>
|
|
||||||
</tr><tr>
|
|
||||||
<td>\${header["host"]}</td>
|
|
||||||
<td>${header["host"]}</td>
|
|
||||||
</tr><tr>
|
|
||||||
<td>\${header["user-agent"]}</td>
|
|
||||||
<td>${header["user-agent"]}</td>
|
|
||||||
</tr><tr>
|
|
||||||
<td>\${1+1}</td>
|
|
||||||
<td>${1+1}</td>
|
|
||||||
</tr><tr>
|
|
||||||
<td>\${param["A"] * 2}</td>
|
|
||||||
<td>${param["A"] * 2} </td>
|
|
||||||
</tr>
|
|
||||||
</table>
|
|
||||||
</html>
|
|
|
@ -1,15 +0,0 @@
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<h1>FOO Example</h1>
|
|
||||||
<hr>
|
|
||||||
<p>A trivial FOO example
|
|
||||||
<hr>
|
|
||||||
<c:forEach var="i" begin="1" end="10" step="1">
|
|
||||||
<c:out value="${i}" />
|
|
||||||
<br />
|
|
||||||
</c:forEach>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,15 +0,0 @@
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<h1>JSTL Example</h1>
|
|
||||||
<hr>
|
|
||||||
<p>A trivial jstl example
|
|
||||||
<hr>
|
|
||||||
<c:forEach var="i" begin="1" end="10" step="1">
|
|
||||||
<c:out value="${i}" />
|
|
||||||
<br />
|
|
||||||
</c:forEach>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,16 +0,0 @@
|
||||||
<html>
|
|
||||||
<body>
|
|
||||||
|
|
||||||
<%@ taglib uri="http://www.acme.com/taglib" prefix="acme" %>
|
|
||||||
|
|
||||||
<small><acme:date tz="GMT">EEE, dd/MMM/yyyy HH:mm:ss ZZZ</acme:date>
|
|
||||||
==></small>
|
|
||||||
<acme:date tz="GMT">EEE, dd/MMM/yyyy HH:mm:ss ZZZ</acme:date>
|
|
||||||
<br/>
|
|
||||||
<small><acme:date tz="EST">EEE, dd-MMM-yyyy HH:mm:ss ZZZ</acme:date>
|
|
||||||
==></small>
|
|
||||||
<acme:date tz="EST">EEE, dd-MMM-yyyy HH:mm:ss ZZZ</acme:date>
|
|
||||||
<br/>
|
|
||||||
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,19 +0,0 @@
|
||||||
<html>
|
|
||||||
<body>
|
|
||||||
|
|
||||||
<%@ taglib uri="http://www.acme.com/taglib2" prefix="acme" %>
|
|
||||||
|
|
||||||
<acme:date2 format="long">
|
|
||||||
On ${day} of ${month} in the year ${year}
|
|
||||||
</acme:date2>
|
|
||||||
|
|
||||||
<br/>
|
|
||||||
|
|
||||||
<acme:date2 format="short">
|
|
||||||
${day} - ${month} - ${year}
|
|
||||||
</acme:date2>
|
|
||||||
|
|
||||||
<br/>
|
|
||||||
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,37 +0,0 @@
|
||||||
<%@ taglib prefix="acme" tagdir="/WEB-INF/tags" %>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<h1>JSP 2.0 Tag File Example</h1>
|
|
||||||
<hr>
|
|
||||||
<p>Panel tag created from JSP fragment file in WEB-INF/tags
|
|
||||||
<hr>
|
|
||||||
<table border="0">
|
|
||||||
<tr valign="top">
|
|
||||||
<td>
|
|
||||||
<acme:panel color="#ff8080" bgcolor="#ffc0c0" title="Panel 1">
|
|
||||||
First panel.<br/>
|
|
||||||
</acme:panel>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<acme:panel color="#80ff80" bgcolor="#c0ffc0" title="Panel 2">
|
|
||||||
Second panel.<br/>
|
|
||||||
Second panel.<br/>
|
|
||||||
Second panel.<br/>
|
|
||||||
Second panel.<br/>
|
|
||||||
</acme:panel>
|
|
||||||
</td>
|
|
||||||
<td>
|
|
||||||
<acme:panel color="#8080ff" bgcolor="#c0c0ff" title="Panel 3">
|
|
||||||
Third panel.<br/>
|
|
||||||
<acme:panel color="#ff80ff" bgcolor="#ffc0ff" title="Inner">
|
|
||||||
A panel in a panel.
|
|
||||||
</acme:panel>
|
|
||||||
Third panel.<br/>
|
|
||||||
</acme:panel>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
</table>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,21 +0,0 @@
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
|
|
||||||
|
|
||||||
JSTL
|
|
||||||
|
|
||||||
<c:out value="${param.test_param1}"/>
|
|
||||||
|
|
||||||
<c:out value="${param.test_param2}" escapeXml="true"/>
|
|
||||||
|
|
||||||
<c:out value="${param.test_param3}" escapeXml="false"/>
|
|
||||||
|
|
||||||
JSP include
|
|
||||||
|
|
||||||
<%@include file="index.jsp"%>
|
|
||||||
|
|
||||||
<c:import url="${param.secret_param}" />
|
|
||||||
|
|
||||||
Spring eval
|
|
||||||
|
|
||||||
<spring:eval expression="${param.lang}" var="results" />
|
|
||||||
<c:out value="${results}" />
|
|
|
@ -1,3 +0,0 @@
|
||||||
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
|
|
||||||
<x:parse var="doc" xml="${param.xml}" />
|
|
||||||
You requested a quote for: <x:out select="$doc/stock/symbol" />
|
|
|
@ -1,3 +0,0 @@
|
||||||
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
|
|
||||||
<x:parse var="doc" xml="<stock><symbol>TKM</symbol></stock>" />
|
|
||||||
You requested a quote for: <x:out select="$doc/stock/symbol" />
|
|
|
@ -1,2 +0,0 @@
|
||||||
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
|
|
||||||
<x:transform xml="${param.xml}" xslt="${param.xslt}" />
|
|
|
@ -1,2 +0,0 @@
|
||||||
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
|
|
||||||
<x:transform xml="<stock><symbol>TKM</symbol></stock>" xslt="${param.xslt}" />
|
|
|
@ -1,2 +0,0 @@
|
||||||
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
|
|
||||||
<x:transform xml="${param.xml}" xslt='<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="date"></xsl:stylesheet>' />
|
|
|
@ -1,2 +0,0 @@
|
||||||
<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
|
|
||||||
<x:transform xml="<static>SAFE</static>" xslt='<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="date"></xsl:stylesheet>' />
|
|
|
@ -1,6 +0,0 @@
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
|
|
||||||
<p>
|
|
||||||
Client message:<br/>
|
|
||||||
<c:out value="${param.test}" escapeXml="false"/>
|
|
||||||
</p>
|
|
|
@ -1,4 +0,0 @@
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
<script>
|
|
||||||
var test = ${param.test};
|
|
||||||
</script>
|
|
|
@ -1,4 +0,0 @@
|
||||||
|
|
||||||
Contact form:<br/>
|
|
||||||
|
|
||||||
<textarea>${param.message}</textarea>
|
|
|
@ -1,3 +0,0 @@
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
|
|
||||||
Hello <c:out value="${param.test}"/>!
|
|
|
@ -1,7 +0,0 @@
|
||||||
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
|
|
||||||
<script>
|
|
||||||
function hello(param1,param2) {
|
|
||||||
console.info(param1+" "+param2);
|
|
||||||
}
|
|
||||||
var test = hello('<c:out value="${param.test1}"/>','<c:out value="${param.test2}"/>');
|
|
||||||
</script>
|
|
|
@ -1,11 +0,0 @@
|
||||||
<%@taglib prefix="e" uri="https://www.owasp.org/index.php/OWASP_Java_Encoder_Project" %>
|
|
||||||
|
|
||||||
|
|
||||||
<h1>${e:forHtml(param.test1)}</h1>
|
|
||||||
|
|
||||||
<script>
|
|
||||||
function hello(param1,param2) {
|
|
||||||
console.info(param1+" "+param2);
|
|
||||||
}
|
|
||||||
var test = hello('${e:forJavaScript(param.test1)}','${e:forJavaScript(param.test2)}');
|
|
||||||
</script>
|
|
|
@ -7,43 +7,10 @@
|
||||||
| src/main/java/org/eclipse/jetty/demo/LoggingUtil.java:0:0:0:0 | LoggingUtil |
|
| src/main/java/org/eclipse/jetty/demo/LoggingUtil.java:0:0:0:0 | LoggingUtil |
|
||||||
| src/main/java/org/eclipse/jetty/demo/Main.java:0:0:0:0 | Main |
|
| src/main/java/org/eclipse/jetty/demo/Main.java:0:0:0:0 | Main |
|
||||||
| src/main/java/org/eclipse/jetty/demo/SystemOutHandler.java:0:0:0:0 | SystemOutHandler |
|
| src/main/java/org/eclipse/jetty/demo/SystemOutHandler.java:0:0:0:0 | SystemOutHandler |
|
||||||
| target/classes/jsp/WEB_002dINF/secret_jsp.java:0:0:0:0 | secret_jsp |
|
|
||||||
| target/classes/jsp/include/$_007bparam_secret_005fparam_007d_jsp.java:0:0:0:0 | $_007bparam_secret_005fparam_007d_jsp |
|
| target/classes/jsp/include/$_007bparam_secret_005fparam_007d_jsp.java:0:0:0:0 | $_007bparam_secret_005fparam_007d_jsp |
|
||||||
| target/classes/jsp/include/jsp_005finclude_005f1_jsp.java:0:0:0:0 | jsp_005finclude_005f1_jsp |
|
| target/classes/jsp/include/jsp_005finclude_005f1_jsp.java:0:0:0:0 | jsp_005finclude_005f1_jsp |
|
||||||
| target/classes/jsp/include/jsp_005finclude_005f2_005fsafe_jsp.java:0:0:0:0 | jsp_005finclude_005f2_005fsafe_jsp |
|
|
||||||
| target/classes/jsp/include/jsp_005finclude_005f3_jsp.java:0:0:0:0 | jsp_005finclude_005f3_jsp |
|
|
||||||
| target/classes/jsp/index_jsp.java:0:0:0:0 | index_jsp |
|
|
||||||
| target/classes/jsp/jstl/jstl_005fescape_005f1_jsp.java:0:0:0:0 | jstl_005fescape_005f1_jsp |
|
| target/classes/jsp/jstl/jstl_005fescape_005f1_jsp.java:0:0:0:0 | jstl_005fescape_005f1_jsp |
|
||||||
| target/classes/jsp/jstl/jstl_005fescape_005f2_jsp.java:0:0:0:0 | jstl_005fescape_005f2_jsp |
|
|
||||||
| target/classes/jsp/jstl/jstl_005fescape_005f3_jsp.java:0:0:0:0 | jstl_005fescape_005f3_jsp |
|
|
||||||
| target/classes/jsp/random_jsp.java:0:0:0:0 | random_jsp |
|
| target/classes/jsp/random_jsp.java:0:0:0:0 | random_jsp |
|
||||||
| target/classes/jsp/spring/spring_005feval_005f1_jsp.java:0:0:0:0 | spring_005feval_005f1_jsp |
|
|
||||||
| target/classes/jsp/spring/spring_005feval_005f2_jsp.java:0:0:0:0 | spring_005feval_005f2_jsp |
|
|
||||||
| target/classes/jsp/spring/spring_005feval_005f3_jsp.java:0:0:0:0 | spring_005feval_005f3_jsp |
|
|
||||||
| target/classes/jsp/spring/spring_005feval_005f4_005fsafe_jsp.java:0:0:0:0 | spring_005feval_005f4_005fsafe_jsp |
|
|
||||||
| target/classes/jsp/test/bean1_jsp.java:0:0:0:0 | bean1_jsp |
|
|
||||||
| target/classes/jsp/test/bean2_jsp.java:0:0:0:0 | bean2_jsp |
|
|
||||||
| target/classes/jsp/test/dump_jsp.java:0:0:0:0 | dump_jsp |
|
|
||||||
| target/classes/jsp/test/expr_jsp.java:0:0:0:0 | expr_jsp |
|
|
||||||
| target/classes/jsp/test/foo/foo_jsp.java:0:0:0:0 | foo_jsp |
|
|
||||||
| target/classes/jsp/test/jstl_jsp.java:0:0:0:0 | jstl_jsp |
|
|
||||||
| target/classes/jsp/test/tag2_jsp.java:0:0:0:0 | tag2_jsp |
|
|
||||||
| target/classes/jsp/test/tag_jsp.java:0:0:0:0 | tag_jsp |
|
|
||||||
| target/classes/jsp/test/tagfile_jsp.java:0:0:0:0 | tagfile_jsp |
|
|
||||||
| target/classes/jsp/various_jsp.java:0:0:0:0 | various_jsp |
|
|
||||||
| target/classes/jsp/xml/xml1_jsp.java:0:0:0:0 | xml1_jsp |
|
|
||||||
| target/classes/jsp/xml/xml2_jsp.java:0:0:0:0 | xml2_jsp |
|
|
||||||
| target/classes/jsp/xsl/xsl1_jsp.java:0:0:0:0 | xsl1_jsp |
|
|
||||||
| target/classes/jsp/xsl/xsl2_jsp.java:0:0:0:0 | xsl2_jsp |
|
|
||||||
| target/classes/jsp/xsl/xsl3_jsp.java:0:0:0:0 | xsl3_jsp |
|
|
||||||
| target/classes/jsp/xsl/xsl4_jsp.java:0:0:0:0 | xsl4_jsp |
|
|
||||||
| target/classes/jsp/xss/xss0_jsp.java:0:0:0:0 | xss0_jsp |
|
|
||||||
| target/classes/jsp/xss/xss1_jsp.java:0:0:0:0 | xss1_jsp |
|
|
||||||
| target/classes/jsp/xss/xss2_jsp.java:0:0:0:0 | xss2_jsp |
|
|
||||||
| target/classes/jsp/xss/xss3_jsp.java:0:0:0:0 | xss3_jsp |
|
|
||||||
| target/classes/jsp/xss/xss4_jsp.java:0:0:0:0 | xss4_jsp |
|
|
||||||
| target/classes/jsp/xss/xss5_jsp.java:0:0:0:0 | xss5_jsp |
|
|
||||||
| target/classes/org/apache/jsp/tag/web/panel_tag.java:0:0:0:0 | panel_tag |
|
|
||||||
xmlFiles
|
xmlFiles
|
||||||
| pom.xml:0:0:0:0 | pom.xml |
|
| pom.xml:0:0:0:0 | pom.xml |
|
||||||
| spotbugs-security-exclude.xml:0:0:0:0 | spotbugs-security-exclude.xml |
|
| spotbugs-security-exclude.xml:0:0:0:0 | spotbugs-security-exclude.xml |
|
||||||
|
|