From 57217c3ee37130c7acf460cf4d1661eae2f3c566 Mon Sep 17 00:00:00 2001
From: "Christopher L. Shannon" <cshannon@apache.org>
Date: Thu, 5 Mar 2026 12:10:37 -0500
Subject: [PATCH] Improve PortfolioPublishServlet encoding

Use HTML encoding for output instead of URL encoding
---
 .../org/apache/activemq/web/PortfolioPublishServlet.java  | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/activemq-web/src/main/java/org/apache/activemq/web/PortfolioPublishServlet.java b/activemq-web/src/main/java/org/apache/activemq/web/PortfolioPublishServlet.java
index 2d135d6821b..e73229eb58d 100644
--- a/activemq-web/src/main/java/org/apache/activemq/web/PortfolioPublishServlet.java
+++ b/activemq-web/src/main/java/org/apache/activemq/web/PortfolioPublishServlet.java
@@ -28,6 +28,7 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.web.util.HtmlUtils;
 
 /**
  * A servlet which will publish dummy market data prices
@@ -75,8 +76,9 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
                 out.println("</body></html>");
 
             } catch (JMSException e) {
-                out.println("<html><body>Failed sending price messages due to <b>" + e + "</b></body></html>");
-                log("Failed to send message: " + e, e);
+                String errorMessage = e.getMessage();
+                out.println("<html><body>Failed sending price messages due to <b>" + escape(errorMessage) + "</b></body></html>");
+                log("Failed to send message: " + errorMessage, e);
             }
         }
     }
@@ -132,6 +134,6 @@ protected int getNumberOfMessages(HttpServletRequest request) {
     }
 
     protected String escape(String text) throws IOException {
-        return java.net.URLEncoder.encode(text, "UTF-8");
+        return text != null ? HtmlUtils.htmlEscape(text, "UTF-8") : null;
     }
 }