From 404def398bdcbf52c66c775c91fceebac24cb653 Mon Sep 17 00:00:00 2001
From: cbilgin23 <45207499+cbilgin23@users.noreply.github.com>
Date: Fri, 9 Apr 2021 10:38:04 +0300
Subject: [PATCH] Update AddPage.java
---
src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java b/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java
index 343701b3..8d8fe24e 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java
@@ -15,6 +15,7 @@
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import com.coverity.security.Escape;
/**
*
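Review bot: The new `import com.coverity.security.Escape;` relies on a third-party library, but the diffstat shows only AddPage.java changed, so no build-file dependency is added in this commit. Unless the Coverity escapers artifact is already declared in the project's build configuration (not visible here), this import will fail to resolve. Please confirm the dependency is declared and pinned to a specific version.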
@@ -52,7 +53,8 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
BufferedWriter bw=new BufferedWriter(new FileWriter(f.getAbsoluteFile()));
bw.write(content);
bw.close();
- out.print("Successfully created the file: "+fileName+"");
+ String escaped = Escape.html(fileName)
+ out.print("Successfully created the file: "+escaped+"");
}
else
{
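Review bot: The added line `String escaped = Escape.html(fileName)` has no terminating semicolon, so the new side does not compile; it should read `String escaped = Escape.html(fileName);`. The escaping also covers only the success message, while the file write above it is unchanged. If `fileName` and `content` come from request parameters (the construction of `f` is outside the hunk), the resolved path should be normalized and checked against the intended base directory before the write. Separately, `bw.close()` is skipped when `bw.write(content)` throws, so a try-with-resources around the `BufferedWriter` would close it on every path. The body of processRequest begins and ends outside the hunk.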