From 89c98ed7ea0e1600eba809f0db6bdc075fcfc2af Mon Sep 17 00:00:00 2001
From: Konrad Windszus
Date: Wed, 20 May 2026 17:03:18 +0200
Subject: [PATCH] Escape all user input properly

---
 .../cq/tools/actool/ui/AcToolUiService.java | 5 +++--
 .../netcentric/cq/tools/actool/ui/HtmlWriter.java | 14 +++++--------
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolUiService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolUiService.java
index e6b5084c..b79988a1 100644
--- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolUiService.java
+++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolUiService.java
@@ -576,8 +576,9 @@ private void printInstallationLogsSection(HtmlWriter writer, RequestParameters r
             return;
         }
 
+        String sanitizedCurrentPath = escapeHtml4(currentPath);
         for (AcToolExecution acToolExecution : acToolExecutions.values()) {
-            String linkToLog = currentPath + "?" + PARAM_SHOW_LOG_ID + "=" + acToolExecution.getId();
+            String linkToLog = sanitizedCurrentPath + "?" + PARAM_SHOW_LOG_ID + "=" + acToolExecution.getId();
             String downloadLinkToLog = basePath + "/" + SUFFIX_DOWNLOAD_LOG + "?" + PARAM_SHOW_LOG_ID + "=" + acToolExecution.getId();
             writer.tr();
             writer.openTd();
@@ -610,7 +611,7 @@ private void printInstallationLogsSection(HtmlWriter writer, RequestParameters r
         String logHtml = acHistoryService.getLogFromHistory(reqParams.showLogId, true, reqParams.showLogVerbose, MAX_LINE_WIDTH);
 
         writer.openTable("logTable");
-        writer.tableHeader(logLabel, 1, false);
+        writer.tableHeader(logLabel, 1);
         writer.tr();
         writer.openTd();
         writer.println(logHtml);
diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/HtmlWriter.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/HtmlWriter.java
index 7df617ef..1546c724 100644
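Review bot: `escapeHtml4(currentPath)` makes the path safe only inside a double-quoted HTML attribute; escapeHtml4 (presumably Commons Lang's StringEscapeUtils) does not escape the apostrophe, so if HtmlWriter emits the href in single quotes, which is not visible here, a `'` in the request path still terminates the attribute. The same concatenation still inlines `acToolExecution.getId()` unescaped into both `linkToLog` and `downloadLinkToLog`; if the id is generated by ACTool itself that is fine, otherwise it needs the same treatment. A more robust shape is to keep the link as a plain string and escape once at the point HtmlWriter writes the attribute, so every href goes through the same code path. printInstallationLogsSection starts before and continues after the hunk.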
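Review bot: `writer.println(logHtml)` still writes the log body unescaped while only the header label now goes through tableHeader's escaping; whether `getLogFromHistory(..., true, ...)` escapes the individual log lines, which presumably carry repository paths and authorizable ids taken from configuration, is not visible here. If it does not, the commit title "Escape all user input properly" does not hold for this section. A comment at the println makes the contract explicit, e.g. `// logHtml is pre-rendered markup; every dynamic value must be escaped inside getLogFromHistory, not here`. printInstallationLogsSection continues outside the hunk.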
--- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/HtmlWriter.java
+++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/HtmlWriter.java
@@ -37,14 +37,6 @@ void closeTable() {
         pw.println("");
     }
 
-    void tableHeader(String title, int colspan, boolean escape) {
-        tr();
-        pw.print("");
-        pw.print(escape ? escapeHtml4(title) : title);
-        pw.println("");
-        closeTr();
-    }
-
     void print(String s) {
         pw.print(s);
     }
@@ -88,7 +80,11 @@ void closeTr() {
     }
 
     void tableHeader(String title, int colspan) {
-        tableHeader(title, colspan, true);
+        tr();
+        pw.print("");
+        pw.print(escapeHtml4(title));
+        pw.println("");
+        closeTr();
     }
 }
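Review bot: The new tableHeader body carries no doc comment stating that `title` is now always escaped, which matters because the `escape=false` overload is deleted in the earlier hunk and any remaining caller that passed markup will see the tags rendered literally instead of interpreted. A Javadoc of the shape `/** Writes a header row; {@code title} is HTML-escaped, so callers pass plain text, never markup. */` makes that contract explicit at the one place it is enforced. The literal `pw.print("")` lines look like the th markup was lost in extraction, so this assumes the tag is emitted with a double-quoted colspan attribute; if it is single-quoted, escapeHtml4's lack of apostrophe escaping would still leave a gap.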