[gatein-commits] gatein SVN: r6842 - epp/portal/branches/EPP_5_2_Branch/webui/core/src/main/java/org/exoplatform/webui/form.

Fri Jul 8 05:52:00 EDT 2011


Author: theute
Date: 2011-07-08 05:52:00 -0400 (Fri, 08 Jul 2011)
New Revision: 6842

Modified:
   epp/portal/branches/EPP_5_2_Branch/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
Log:
JBEPP-997
> > XSS issue in category description

Modified: epp/portal/branches/EPP_5_2_Branch/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
===================================================================
--- epp/portal/branches/EPP_5_2_Branch/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java	2011-07-08 09:44:46 UTC (rev 6841)
+++ epp/portal/branches/EPP_5_2_Branch/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java	2011-07-08 09:52:00 UTC (rev 6842)
@@ -21,6 +21,7 @@
 
 import org.exoplatform.webui.application.WebuiRequestContext;
 import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.gatein.common.text.EntityEncoder;
 
 import java.io.Writer;
 
@@ -41,6 +42,11 @@
     */
    private int columns = 30;
 
+   /**
+    * HTML Entity Encoder
+    */
+   private EntityEncoder entityEncoder = EntityEncoder.FULL;
+
    public UIFormTextAreaInput()
    {
    }
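Review bot: The encoder introduced as a mutable per-instance field is a shared constant, so it should be `private static final EntityEncoder ENTITY_ENCODER = EntityEncoder.FULL;` rather than being replicated, and potentially serialized, with every component's state; this file imports `@Serialized` on the class side, though whether the class carries that annotation lies outside the hunk. The Javadoc "HTML Entity Encoder" says what the field is but not why it exists; I would write it as `Encodes the textarea value before it is rendered so user-supplied text is emitted as text, not markup (JBEPP-997).` The enclosing class continues outside the hunk.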
@@ -72,7 +78,7 @@
       w.append(" cols=\"").append(String.valueOf(columns)).append("\"");
       w.write(">");
       if (value != null)
-         w.write(value);
+         w.write(entityEncoder.encode(value));
       w.write("</textarea>");
       if (this.isMandatory())
          w.write(" *");
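Review bot: The new encode call is the actual XSS fix but carries no comment tying it to the issue, so a later maintainer may see it as a formatting step and drop it; I would precede it with `// Entity-encode the value so it cannot close the textarea or inject markup (JBEPP-997).` The `cols` attribute written in the same hunk is a formatted int and needs no encoding, but the enclosing render method starts before the hunk, so whether any string attributes written earlier in it receive the same treatment cannot be seen from here and is worth confirming.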


