From c04c130f43fd5367d370941218fabcdbf5bc016a Mon Sep 17 00:00:00 2001
From: MDeLuise <66636702+MDeLuise@users.noreply.github.com>
Date: Thu, 16 May 2024 13:01:38 +0200
Subject: [PATCH] fix(security): remove unnecessary localization logic
Removed unnecessary localization logic that dynamically set the locale based on request parameters to mitigate a XSS vulnerability. Since our system does not support multiple languages, replaced it with a static default locale of `en`.
---
console/web/src/main/webapp/console.jsp | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/console/web/src/main/webapp/console.jsp b/console/web/src/main/webapp/console.jsp
index dc190445243..da3ee7e266f 100644
--- a/console/web/src/main/webapp/console.jsp
+++ b/console/web/src/main/webapp/console.jsp
@@ -32,14 +32,7 @@
-
- <% if (request.getParameter("l") != null) { %>
- ">
- <% } else if (request.getHeader("Accept-Language") != null) { %>
- ">
- <% } else { %>
-
- <% } %>
+