[JDK-8087579] javafxpackager deploy task: -htmlparamfile option doesn't escape any characters - Java Bug System

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: P4
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: 9
Component/s: deploy
Labels:
Environment:

Ubuntu 12.04 x64

java version "1.7.0_21"
Java(TM) SE Runtime Environment (build 1.7.0_21-b08)
Java HotSpot(TM) Server VM (build 23.21-b01, mixed mode)

Subcomponent:
packager

Description

If we'll write some crap into properties file, that needs to be escaped, i.e. double-quotes, we see that this line is not changed, so software that uses packager might be vulnerable because of this.

I attach some HelloWorld project to see this, to invoke it with htmlparamfiles type:
ant -f simple-build-big-cli.xml deploy-with-htmlparamfile

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

HelloWorld.tar.gz
220 kB
2013-03-29 05:06

Activity

People

Assignee:: Danno Ferrin (Inactive)

Reporter:: Dmitry Ginzburg (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2013-03-29 05:06

Updated:: 2015-06-18 17:28

Resolved:: 2015-06-18 17:28

Imported:: 12/Jun/15 3:28 PM

Application will be down for planned maintenance on April 26 09:00 AM to 11:00 AM PT (04:00 PM to 06:00 PM GMT)

Details

Description

Attachments

Attachments

Activity

People

Dates