$OpenBSD: patch-mcs_class_System_Web_System_Web_HttpForbiddenHandler_cs,v 1.1 2012/07/13 16:59:15 jasper Exp $

Security fix for CVE-2012-3382, Mono "ProcessRequest()" Cross-Site Scripting Vulnerability
From upstream git: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2

--- mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.orig	Fri Jul 13 16:36:05 2012
+++ mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs	Fri Jul 13 16:37:03 2012
@@ -42,7 +42,7 @@ namespace System.Web
 				
 			throw new HttpException (403,
 						 "This type of page is not served.",
-						 req != null ? req.Path : null,
+						 req != null ? HttpUtility.HtmlEncode (req.Path) : null,
 						 description);
 		}
 
