[gatein-commits] gatein SVN: r6291 - epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/webui/core.
do-not-reply at jboss.org
do-not-reply at jboss.org
Tue Apr 19 11:20:36 EDT 2011
Author: hfnukal
Date: 2011-04-19 11:20:35 -0400 (Tue, 19 Apr 2011)
New Revision: 6291
Modified:
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl
Log:
JBEPP-598 XSS issue in user creation page
Modified: epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl
===================================================================
--- epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl 2011-04-19 15:13:30 UTC (rev 6290)
+++ epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/webui/core/UIGrid.gtmpl 2011-04-19 15:20:35 UTC (rev 6291)
@@ -3,6 +3,7 @@
import org.exoplatform.webui.form.UIForm;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
+ import org.gatein.common.text.EntityEncoder;
String[] beanFields = uicomponent.getBeanFields();
String[] beanActions = uicomponent.getBeanActions();
@@ -64,6 +65,7 @@
%>
<tr class="$rowClass">
<%
+ EntityEncoder encoder = EntityEncoder.FULL;
for (field in beanFields)
{
def fieldValue = uicomponent.getFieldValue(bean, field);
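Review bot: `EntityEncoder encoder = EntityEncoder.FULL;` is placed inside the per-row loop, so it is re-assigned for every rendered row although it only aliases a constant. Moving it next to the new import at the top of the template (e.g. `EntityEncoder encoder = EntityEncoder.FULL;` after the `beanActions` line) states the intent once and keeps the row-rendering block focused on the data. The enclosing loop over beans starts outside this hunk.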
@@ -80,8 +82,8 @@
} else {
fieldValue = "";
}
- String value = fieldValue.toString();
- println "<td><div class=\""+cssClass+"\" title='$fieldValue'>"+fieldValue+"</div></td>";
+ String value = encoder.encode(fieldValue.toString());
+ println "<td><div class=\""+cssClass+"\" title='$value'>"+value+"</div></td>";
}
if (beanActions != null && beanActions.length > 0)
{
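Review bot: The `title` attribute on the new line `title='$value'` is delimited by single quotes, while the encoder is only known to produce HTML entities; unless EntityEncoder.FULL is confirmed to encode `'` as well, an encoded value can still terminate that attribute, so the fix covers the text node but not necessarily the attribute context. Using the same double-quote delimiter already used for `class` would make the attribute depend on `"` being encoded, which is the standard `&quot;` case: `println "<td><div class=\""+cssClass+"\" title=\""+value+"\">"+value+"</div></td>";`. A short comment on the `encode` line, such as `// encode once, then reuse for both attribute and text node; value must stay safe in a quoted attribute`, would document the contract for the next edit. The enclosing `for (field in beanFields)` loop begins in the previous hunk and continues outside this one.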