From 84e50db0ee7fd4e00061148e673f1c171bca7667 Mon Sep 17 00:00:00 2001
From: Kelven Yang
Date: Thu, 10 Nov 2011 12:01:36 -0800
Subject: [PATCH] bug 11973: Escape VM name to prevent from XSS attack.
Reviewed-by: Alex huang
---
.../cloud/servlet/ConsoleProxyServlet.java | 21 ++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/server/src/com/cloud/servlet/ConsoleProxyServlet.java b/server/src/com/cloud/servlet/ConsoleProxyServlet.java
index 4b2f6391ca2..a748329aafb 100644
--- a/server/src/com/cloud/servlet/ConsoleProxyServlet.java
+++ b/server/src/com/cloud/servlet/ConsoleProxyServlet.java
@@ -243,7 +243,7 @@ public class ConsoleProxyServlet extends HttpServlet {
 }
 StringBuffer sb = new StringBuffer();
- sb.append("").append(vmName).append("").append(escapeHTML(vmName)).append("");
 sendResponse(resp, sb.toString());
 }
@@ -547,4 +547,23 @@ public class ConsoleProxyServlet extends HttpServlet {
 }
 return false;
 }
+
+ public static final String escapeHTML(String content){
+ if(content == null || content.isEmpty())
+ return content;
+
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < content.length(); i++) {
+ char c = content.charAt(i);
+ switch (c) {
+ case '<': sb.append("<"); break;
+ case '>': sb.append(">"); break;
+ case '&': sb.append("&"); break;
+ case '"': sb.append("""); break;
+ case ' ': sb.append(" ");break;
+ default: sb.append(c); break;
+ }
+ }
+ return sb.toString();
+ }
 }
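Review bot: The new `escapeHTML` in the second hunk does not escape the single quote, so it is only safe for element text and double-quoted attribute values; if the value is ever reflected into a single-quoted attribute the escaping is bypassed, and adding `case '\'': sb.append("&#39;"); break;` next to the `'"'` case closes that gap (the replacement strings appear entity-decoded in this rendering, presumably `&lt;`, `&gt;`, `&amp;`, `&quot;` and `&nbsp;` in the actual source). The `' '` case is not an escaping concern at all: mapping every space to a non-breaking space changes how the name renders and wraps, and an HTML escaper should leave spaces alone so callers are not surprised when reusing it elsewhere. Since the builder is a method-local in single-threaded code, `StringBuilder` is the idiomatic choice over `StringBuffer`, and `final` on a static method is redundant and can be dropped. A Javadoc line stating which contexts the output is safe for, e.g. `/** Escapes content for insertion into HTML text nodes and double-quoted attribute values; not suitable for JavaScript or URL contexts. */`, would keep future callers from applying it in the wrong place.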