From f4c9d23af0ff9819562ec648b0379b2b7790b8a9 Mon Sep 17 00:00:00 2001
From: Graham Triggs
Date: Fri, 10 Nov 2017 10:00:17 -0500
Subject: [PATCH 1/2] Fix NPE when no ontology URI is specified
---
 .../vitro/webapp/controller/jena/JenaExportController.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
index d132585fe..f7a4ce851 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
@@ -106,7 +106,10 @@ public class JenaExportController extends BaseEditController {
 String formatParam = vreq.getParameter("format");
 String subgraphParam = vreq.getParameter("subgraph");
 String assertedOrInferredParam = vreq.getParameter("assertedOrInferred");
- StringBuilder ontologyURI = new StringBuilder(vreq.getParameter("ontologyURI"));
+ StringBuilder ontologyURI = new StringBuilder();
+ if (vreq.getParameter("ontologyURI") != null) {
+ ontologyURI.append(vreq.getParameter("ontologyURI"));
+ }
 Model model = null;
 OntModel ontModel = ModelFactory.createOntologyModel();
From 0e15b9a69a77014d3a6397b861c7311e78dcc1c1 Mon Sep 17 00:00:00 2001
From: Graham Triggs
Date: Fri, 10 Nov 2017 12:01:23 -0500
Subject: [PATCH 2/2] [VIVO-1404] Disable XSS protection on the SPARQL query page
---
 .../vitro/webapp/controller/admin/SparqlQueryController.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java
index df1fb7440..6166d1cf9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java
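Review bot: In the JenaExportController.java hunk the `ontologyURI` request parameter is fetched twice, once for the null test and once for the append; reading it once keeps the check and the use on the same value, e.g. `String ontologyParam = vreq.getParameter("ontologyURI");` followed by `if (ontologyParam != null) { ontologyURI.append(ontologyParam); }`. A missing parameter now yields an empty builder instead of an exception, so the code that later consumes `ontologyURI` (outside this hunk) presumably has to treat an empty value as "no ontology selected"; a short comment at the declaration saying so would make that contract explicit. The enclosing method starts before and continues past the hunk.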
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java
@@ -96,6 +96,7 @@ public class SparqlQueryController extends FreemarkerHttpServlet {
 SimplePermission.USE_SPARQL_QUERY_PAGE.ACTION)) {
 return;
 }
+ resp.addHeader("X-XSS-Protection", "0");
 if (req.getParameterMap().containsKey("query")) {
 respondToQuery(req, resp);
 } else {
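Review bot: `resp.addHeader("X-XSS-Protection", "0")` appends a value rather than replacing one, so if a filter or the container already emits this header (not visible here) the response carries two conflicting values; `resp.setHeader("X-XSS-Protection", "0");` states the intent unambiguously. The line sits before the branch, so the browser auditor is switched off for both the query form and the query results, which leaves server-side output encoding of the echoed `query` parameter as the only XSS defence on this page; that encoding lives outside the hunk and should be confirmed. The line also has no comment explaining why a protection is being turned off; something like `// Browser XSS auditors misfire on SPARQL text echoed back to the page (VIVO-1404); output escaping remains the real defence.` would stop it being reverted as a hardening regression, assuming that is the reason behind the ticket. The enclosing method starts before and ends after the hunk.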