[gatein-commits] gatein SVN: r2690 - portal/branches/EPP_5_0_0_CR01_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component.
do-not-reply at jboss.org
Tue Apr 20 12:10:54 EDT 2010
Author: thomas.heute at jboss.com
Date: 2010-04-20 12:10:53 -0400 (Tue, 20 Apr 2010)
New Revision: 2690
Modified:
portal/branches/EPP_5_0_0_CR01_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
Log:
JBEPP-313: XSS in navigation management
Modified: portal/branches/EPP_5_0_0_CR01_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
===================================================================
--- portal/branches/EPP_5_0_0_CR01_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2010-04-20 16:09:36 UTC (rev 2689)
+++ portal/branches/EPP_5_0_0_CR01_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2010-04-20 16:10:53 UTC (rev 2690)
@@ -151,6 +151,8 @@
String pageURI = Util.getPortalRequestContext().getPortalURI() + node.getUri();
String label = node.resolvedLabel;
if(label.length() > 30) label = label.substring(0,29) + "...";
+ EntityEncoder entityEncoder = EntityEncoder.FULL;
+ label=entityEncoder.encode(label);
if(node.pageReference != null) {
if(uicomponent.isUseAjax()) {
String onclickEvt = uicomponent.event("SelectNode", nav.getId() + "::" + node.getUri()) + ";return false;";
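Review bot: The two added lines encode only label, while pageURI (built from node.getUri()) and the onclickEvt string (built from nav.getId() and node.getUri()) in the surrounding context lines show no encoding in this hunk; if either value is written into an href or onclick attribute further down the template, it needs output encoding suited to that context, so please confirm those sinks are covered by JBEPP-313 as well. The hunk starts at line 151 and adds no import, so please confirm that EntityEncoder is already imported at the top of UIPortalNavigation.gtmpl, otherwise the class will not resolve. Encoding after the 30-character truncation is the right order, since truncating already-encoded text could cut an entity in half. Minor style point: the local variable is not needed, label = EntityEncoder.FULL.encode(label); does the same in one line.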