Author: thomas.heute(a)jboss.com
Date: 2010-11-02 06:18:17 -0400 (Tue, 02 Nov 2010)
New Revision: 4899
Modified:
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl
Log:
GTNPORTAL-1618: XSS issue in category name input
Modified:
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl
===================================================================
---
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl 2010-11-02
09:31:36 UTC (rev 4898)
+++
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl 2010-11-02
10:18:17 UTC (rev 4899)
@@ -1,4 +1,6 @@
<%
+import org.gatein.common.text.EntityEncoder;
+
def categories = uicomponent.getCategories();
def selectedCategory = uicomponent.getSelectedCategory();
%>
@@ -15,7 +17,8 @@
boolean isSelected = false;
for(category in categories) {
cName = category.getName();
- displayName =category.getDisplayName();
+ EntityEncoder encoder = EntityEncoder.FULL;
+ displayName = encoder.encode(category.getDisplayName());
if(displayName == null || displayName.length() < 1 ) displayName = cName;
if(selectedCategory != null && cName == selectedCategory.getName()) {
isSelected = true;
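Review bot: The fallback on the line after the new encode call still assigns the raw `cName` to displayName, so a category whose display name is null or empty is rendered unencoded — the same path this commit closes for the display name, assuming displayName is written into the markup further down. Encode at the fallback as well, keeping `cName` itself raw because it is compared against `selectedCategory.getName()` on the following line: `if(displayName == null || displayName.length() < 1 ) displayName = encoder.encode(cName);`. Whether `encoder.encode(null)` returns null or throws is not visible here; if it returns a non-null string for a null input, the empty-name fallback never triggers, so encoding after the null check rather than before it would be the safer order. `EntityEncoder.FULL` is a constant, so `EntityEncoder encoder = EntityEncoder.FULL;` can be declared once before the `for` loop instead of on every iteration. The enclosing scriptlet block begins before this hunk.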
@@ -67,4 +70,4 @@
<div class="ClearLeft"><span></span></div>
</div>
-</div>
\ No newline at end of file
+</div>