Author: hfnukal
Date: 2011-05-09 10:35:45 -0400 (Mon, 09 May 2011)
New Revision: 6454
Modified:
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl
Log:
JBEPP-365 XSS in page title
Modified:
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl
===================================================================
---
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl 2011-05-09
14:14:09 UTC (rev 6453)
+++
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl 2011-05-09
14:35:45 UTC (rev 6454)
@@ -7,7 +7,10 @@
import java.util.Iterator;
import org.exoplatform.portal.webui.portal.UIPortal ;
import org.exoplatform.portal.config.model.PortalProperties ;
+ import org.gatein.common.text.EntityEncoder;
+ EntityEncoder encoder = EntityEncoder.FULL;
+
def rcontext = _ctx.getRequestContext() ;
String docBase = rcontext.getRequestContextPath() ;
String skin = uicomponent.getSkin();
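Review bot: The new `encoder` variable on the added lines is declared without a comment saying what output it protects, and its name does not show that it performs HTML entity encoding. A one-line comment above it would help the next editor of this template, for example `// HTML-entity-encode request-derived values before they are written into the page (JBEPP-365)`. The scriptlet starts and continues outside the hunk, so any other use of the encoder is not visible here.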
@@ -15,7 +18,7 @@
def portletSkins = uicomponent.getPortletSkins() ;
def scriptsPaths = uicomponent.getJavascriptURLs();
def lang = uicomponent.getLocale().getLanguage();
- def title = rcontext.getTitle();
+ def title = encoder.encode(rcontext.getTitle());
def metaInformation = rcontext.getMetaInformation();
%>
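Review bot: Only `title` is encoded in this hunk, while `metaInformation` on the following line comes from the same `rcontext` and is kept as returned. The markup that prints these values is outside the hunk, so it should be confirmed whether the meta names and values are written into `<meta>` attributes without encoding; if they are, they need the same treatment at the point of output. It is also worth confirming that `encoder.encode` accepts a null title, or guarding the call, e.g. `def rawTitle = rcontext.getTitle();` followed by `def title = rawTitle == null ? null : encoder.encode(rawTitle);`.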