# Backport patch for upstream Eclipse BZ: 329582 (XSS attack)
--- plugins/org.eclipse.help.webapp/advanced/content.jsp.orig 2010-04-21 14:00:16.000000000 -0400
+++ plugins/org.eclipse.help.webapp/advanced/content.jsp 2010-12-10 09:41:14.642196217 -0500
@@ -45,7 +45,7 @@
- " src='<%="contentToolbar.jsp"+data.getQuery()%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" >
+ " src='<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" >
 " src='<%=UrlUtil.htmlEncode(data.getContentURL())%>' marginwidth="10"<%=(data.isIE() && "6.0".compareTo(data.getIEVersion()) <=0)?"scrolling=\"yes\"":""%> marginheight="0" frameborder="0" > <% AbstractFrame[] frames = frameData.getFrames(AbstractFrame.BELOW_CONTENT);
--- plugins/org.eclipse.help.webapp/basic/index.jsp.orig 2010-04-21 14:00:17.000000000 -0400
+++ plugins/org.eclipse.help.webapp/basic/index.jsp 2010-12-10 09:42:58.516317455 -0500
@@ -29,8 +29,8 @@
 <% } %>
- " src='<%="basic/tabs.jsp"+data.getQuery()%>' marginwidth="5" marginheight="5" scrolling="no">
- " src='<%="basic/help.jsp"+data.getQuery()%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
+ " src='<%="basic/tabs.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="5" marginheight="5" scrolling="no">
+ " src='<%="basic/help.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
 <% if(!("0".equals(data.getFooterHeight()))){ %>
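Review bot: The patched `src` attributes in `content.jsp` are delimited with single quotes, so the fix only holds if `UrlUtil.htmlEncode` escapes `'` as well as `"`, `<`, `>` and `&`. Its implementation is not part of this patch and should be confirmed in the tree being backported to. The same dependency applies to the `basic/tabs.jsp` and `basic/help.jsp` sinks in the `index.jsp` hunk. I would record the assumption in the patch header, e.g. `# Relies on UrlUtil.htmlEncode escaping both quote characters; the patched src attributes are single-quoted.` Only these two files are touched, so it is also worth checking the other JSPs under `plugins/org.eclipse.help.webapp` for any remaining unencoded `data.getQuery()` concatenation. The opening of each frame tag and the enclosing frameset lie outside what this page shows.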