I think the code could use further cleanup/improvements, but the patch
itself is fine. ACK.
On 5/14/2015 5:40 PM, John Magne wrote:
Resubmitting based on a couple of things.
1. Informal feedback stating that I left out one of the minor original packages.
2. Refactoring of a few confusing copied methods was necessary in my opinion. Discussed
below:
   1. Too many copies of escapeJavaScriptString all over the place. Consolidated down to
   the two related functions "escapeJavaScriptString" and
   "escapeJavaScriptStringHTML" methods in the CMSTemplate class to be called
   everywhere. Removed the duplicated methods in other classes.
   2. There were some places where "escapeJavaScriptString" was called, when
   we really wanted "escapeJavaScriptStringHTML". Fixed that everywhere. One reason
   for this is a copied version of "escapeJavaScriptString" actually was identical
   to CMSTemplate.escapeJavaScriptString, which has been removed.
All major test cases from the various bugs retested to work fine.
----- Original Message -----
From: "John Magne" <jmagne(a)redhat.com>
To: "pki-devel" <pki-devel(a)redhat.com>
Sent: Tuesday, May 12, 2015 2:02:01 PM
Subject: [pki-devel] [PATCH]
0034-Fix-XSS-attacks-on-the-dogtag-administration-page-13.patch
Fix XSS attacks on the dogtag administration page #1373.
Porting this set of fixes over from last downstream release upstream.
--
Endi S. Dewata