Security fix: Prevent RestExceptionHandler XSS
Nonononoki committed Jul 19, 2021
1 parent 4b52e22 commit 3c93dea
Showing 1 changed file with 2 additions and 1 deletion.
Expand Up @@ -10,6 +10,7 @@
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
import org.springframework.web.util.HtmlUtils;

@ControllerAdvice
public class RestExceptionHandler extends ResponseEntityExceptionHandler {
Expand All @@ -19,7 +20,7 @@ public class RestExceptionHandler extends ResponseEntityExceptionHandler {
@ExceptionHandler
protected ResponseEntity<Object> handleConflict(Exception ex, WebRequest request) {
LOGGER.error(ExceptionUtils.getStackTrace(ex));
return handleExceptionInternal(ex, ex.getMessage() /* ExceptionUtils.getStackTrace(ex) */, new HttpHeaders(),
return handleExceptionInternal(ex, HtmlUtils.htmlEscape(ex.getMessage()), new HttpHeaders(),
HttpStatus.CONFLICT, request);
}
}
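Review bot: In `handleConflict`, `ex.getMessage()` can be null (a bare `NullPointerException`, for example), and recent Spring versions appear to reject null input in `HtmlUtils.htmlEscape`, so the handler itself could throw while building the error response; confirm against the Spring version in use. A null-safe form would be `String msg = ex.getMessage();` followed by `HtmlUtils.htmlEscape(msg != null ? msg : "")` as the body argument. Escaping stops the message from being interpreted as markup, but this catch-all handler still returns the text of every `Exception` to the client, which can expose internal detail such as SQL fragments or class names. Since the stack trace is already logged, consider returning a fixed generic body and setting an explicit non-HTML content type on the `HttpHeaders`.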
