Jetty: Don't show null exception message in XSSFilter

i2p · Jul 2, 2024 · cad8fe9 · cad8fe9
1 parent 452968e
commit cad8fe9
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/apps/jetty/java/src/net/i2p/servlet/filters/XSSFilter.java b/apps/jetty/java/src/net/i2p/servlet/filters/XSSFilter.java
@@ -37,7 +37,10 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
             // This way we at least get the error to the browser.
             I2PAppContext.getGlobalContext().logManager().getLog(XSSFilter.class).error("XSS Filter Error", ise);
             try {
-                ((HttpServletResponse)response).sendError(413, "XSS Filter " + ise.getMessage());
+                String msg = ise.getMessage();
+                if (msg == null)
+                    msg = ise.toString();
+                ((HttpServletResponse)response).sendError(413, "XSS Filter " + msg);
             } catch (IllegalStateException ise2) {
                 // Committed, probably wasn't a multipart form error after all
             }