gatein SVN: r6843 - in portal/trunk: webui/core/src/main/java/org/exoplatform/webui/form and 1 other directory. - gatein-commits

Friday, 8 July 2011


Author: theute
Date: 2011-07-08 05:53:21 -0400 (Fri, 08 Jul 2011)
New Revision: 6843

Modified:
   portal/trunk/
  
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
Log:
GTNPORTAL-1955: XSS issue in category description


Property changes on: portal/trunk
___________________________________________________________________
Modified: svn:mergeinfo
   - /portal/branches/branch-GTNPORTAL-1790:5864-5919
/portal/branches/branch-GTNPORTAL-1822:5938-5991
/portal/branches/branch-GTNPORTAL-1832:5993-6105
/portal/branches/branch-GTNPORTAL-1872:6327-6594
/portal/branches/branch-GTNPORTAL-1921:6597-6803
/portal/branches/decoupled-webos:6214-6243
/portal/branches/global-portlet-metadata:6298-6384
/portal/branches/site-describability:6171-6235
/portal/branches/wsrp-extraction:5828-6031
   + /epp/portal/branches/EPP_5_1_Branch:6841
/portal/branches/branch-GTNPORTAL-1790:5864-5919
/portal/branches/branch-GTNPORTAL-1822:5938-5991
/portal/branches/branch-GTNPORTAL-1832:5993-6105
/portal/branches/branch-GTNPORTAL-1872:6327-6594
/portal/branches/branch-GTNPORTAL-1921:6597-6803
/portal/branches/decoupled-webos:6214-6243
/portal/branches/global-portlet-metadata:6298-6384
/portal/branches/site-describability:6171-6235
/portal/branches/wsrp-extraction:5828-6031

Modified:
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
===================================================================
---
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java	2011-07-08
09:52:00 UTC (rev 6842)
+++
portal/trunk/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java	2011-07-08
09:53:21 UTC (rev 6843)
@@ -21,6 +21,7 @@
 
 import org.exoplatform.webui.application.WebuiRequestContext;
 import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.gatein.common.text.EntityEncoder;
 
 import java.io.Writer;
 
@@ -41,6 +42,11 @@
     */
    private int columns = 30;
 
+   /**
+    * HTML Entity Encoder
+    */
+   private EntityEncoder entityEncoder = EntityEncoder.FULL;
+
    public UIFormTextAreaInput()
    {
    }
@@ -72,7 +78,7 @@
       w.append("
cols=\"").append(String.valueOf(columns)).append("\"");
       w.write(">");
       if (value != null)
-         w.write(value);
+         w.write(entityEncoder.encode(value));
       w.write("</textarea>");
       if (this.isMandatory())
          w.write(" *");


    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

gatein SVN: r6843 - in portal/trunk: webui/core/src/main/java/org/exoplatform/webui/form and 1 other directory.