From 40c6d621a03e6a50b291dca7188d07d0aa3de946 Mon Sep 17 00:00:00 2001
From: Pierre Beitz
Date: Tue, 3 Mar 2020 04:42:12 +0100
Subject: [PATCH] [SECURITY-1722]

---
 .../java/hudson/plugins/audit_trail/AuditTrailPlugin.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/main/java/hudson/plugins/audit_trail/AuditTrailPlugin.java b/src/main/java/hudson/plugins/audit_trail/AuditTrailPlugin.java
index 627171f..f0deaf4 100644
--- a/src/main/java/hudson/plugins/audit_trail/AuditTrailPlugin.java
+++ b/src/main/java/hudson/plugins/audit_trail/AuditTrailPlugin.java
@@ -26,6 +26,7 @@ import hudson.DescriptorExtensionList;
 import hudson.Extension;
+import hudson.Util;
 import hudson.XmlFile;
 import hudson.model.AbstractBuild;
 import hudson.model.Descriptor;
@@ -169,9 +170,11 @@ public FormValidation doRegexCheck(@QueryParameter final String value)
 Pattern.compile(value);
 return FormValidation.ok();
 } catch (Exception ex) {
+ // SECURITY-1722: As the exception message will contain the user input Pattern,
+ // it needs to be escaped to prevent an XSS attack
 return FormValidation.errorWithMarkup("Invalid regular expression (" + ex.getMessage() + ")");
+ + "https://docs.oracle.com/javase/8/docs/api/java/util/regex/Pattern.html"
+ + "\">regular expression (" + Util.escape(ex.getMessage()) + ")");
 }
 }
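Review bot: The `catch (Exception ex)` that the new lines sit under is wider than the escaping argument covers: `Pattern.compile` reports a bad pattern with `PatternSyntaxException`, whose message is what actually echoes the user input, while any other exception reaching this clause (for instance a `NullPointerException` when `value` is null) carries an unrelated or null message, and if I recall correctly `Util.escape` returns null for a null input, so the user would see "(null)" inside the link text. Narrowing the clause to `} catch (PatternSyntaxException ex) {` (with `java.util.regex.PatternSyntaxException` in scope, which the file may already import alongside `Pattern`) keeps the rendered message limited to the one exception the SECURITY-1722 comment describes. The escaping via `Util.escape` is the right mitigation for this path, since `errorWithMarkup` renders its argument as HTML verbatim and the static anchor must stay unescaped; the comment could state that contract for the next maintainer, e.g. `// errorWithMarkup renders raw HTML: keep the static anchor, escape every user-derived fragment`. `doRegexCheck` begins before this hunk, so a null or empty check on `value` may already exist there.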