Author: ndkhoiits
Date: 2011-09-13 05:46:18 -0400 (Tue, 13 Sep 2011)
New Revision: 7374
Modified:
portal/branches/xss-issues/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java
Log:
GTNPORTAL-2090 XSS issue in application select permission editor
Modified:
portal/branches/xss-issues/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java
===================================================================
---
portal/branches/xss-issues/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java 2011-09-13
07:53:19 UTC (rev 7373)
+++
portal/branches/xss-issues/webui/core/src/main/java/org/exoplatform/webui/core/UITree.java 2011-09-13
09:46:18 UTC (rev 7374)
@@ -27,6 +27,7 @@
import org.exoplatform.webui.event.Event;
import org.exoplatform.webui.event.EventListener;
import org.exoplatform.webui.form.UIForm;
+import org.gatein.common.text.EntityEncoder;
import java.lang.reflect.Method;
import java.util.Collection;
@@ -305,6 +306,8 @@
{
fieldValue = fieldValue.substring(0, getMaxTitleCharacter() - 3) +
"...";
}
+
+ fieldValue = fieldValue == null ? fieldValue :
EntityEncoder.FULL.encode(fieldValue);
if (nodeIcon.equals(expandIcon))
{
builder.append(" <div
class=\"").append(nodeIcon).append("\"
onclick=\"").append(actionLink).append("\">");
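Review bot: Only `fieldValue` is encoded here, while `nodeIcon` and `actionLink` a few lines below are still appended unencoded into the `class` and `onclick` attribute values. Where those two values are built is outside this hunk, so confirm that neither can carry user-supplied data; if `actionLink` can, HTML entity encoding alone is not enough because `onclick` is also a JavaScript context. The null check in the ternary comes after the `fieldValue.substring(...)` call, so if the truncation condition (not visible) already dereferences `fieldValue` the guard is too late; a single `if (fieldValue != null)` around both the truncation and the encode would be clearer. A short comment such as `// encode after truncating so an entity is never split by substring()` would record why the order matters. The enclosing method starts and ends outside the hunk.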