Author: thomas.heute(a)jboss.com
Date: 2010-11-12 06:12:24 -0500 (Fri, 12 Nov 2010)
New Revision: 5065
Modified:
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl
Log:
JBEPP-595: XSS issue in category name input
Modified:
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl
===================================================================
---
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl 2010-11-12
10:59:02 UTC (rev 5064)
+++
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/groovy/portal/webui/application/UIApplicationList.gtmpl 2010-11-12
11:12:24 UTC (rev 5065)
@@ -1,4 +1,5 @@
<%
+import org.gatein.common.text.EntityEncoder;
def categories = uicomponent.getCategories();
def selectedCategory = uicomponent.getSelectedCategory();
%>
@@ -17,6 +18,8 @@
cName = category.getName();
displayName =category.getDisplayName();
if(displayName == null || displayName.length() < 1 ) displayName = cName;
+ EntityEncoder encoder = EntityEncoder.FULL;
+ displayName = encoder.encode(displayName);
if(selectedCategory != null && cName == selectedCategory.getName()) {
isSelected = true;
cTab = "SelectedTab";
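Review bot: Only `displayName` is encoded, while `cName` from `category.getName()` on the first context line carries the same category-name input and is left untouched; if the template later emits `cName` into markup, an attribute or a script block (the loop body starts and continues outside this hunk), that output site is still unescaped. `EntityEncoder.FULL` performs HTML entity encoding, which is the correct escape for element text but not for a JavaScript string or URL context, so each place `displayName` is written should be checked against the context it lands in. Since `EntityEncoder.FULL` is a constant, the `encoder` assignment can also be hoisted out of the per-category loop and the two added lines reduced to `displayName = EntityEncoder.FULL.encode(displayName);`.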
@@ -67,4 +70,4 @@
<div class="ClearLeft"><span></span></div>
</div>
-</div>
\ No newline at end of file
+</div>