Author: thomas.heute(a)jboss.com
Date: 2010-04-20 12:17:38 -0400 (Tue, 20 Apr 2010)
New Revision: 2691
Modified:
portal/branches/EPP_5_0_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
Log:
JBEPP-313: XSS in navigation management
Modified:
portal/branches/EPP_5_0_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
===================================================================
---
portal/branches/EPP_5_0_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2010-04-20
16:10:53 UTC (rev 2690)
+++
portal/branches/EPP_5_0_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2010-04-20
16:17:38 UTC (rev 2691)
@@ -151,6 +151,8 @@
String pageURI = Util.getPortalRequestContext().getPortalURI() +
node.getUri();
String label = node.resolvedLabel;
if(label.length() > 30) label = label.substring(0,29) +
"...";
+ EntityEncoder entityEncoder = EntityEncoder.FULL;
+ label=entityEncoder.encode(label);
if(node.pageReference != null) {
if(uicomponent.isUseAjax()) {
String onclickEvt =
uicomponent.event("SelectNode", nav.getId() + "::" + node.getUri()) +
";return false;";
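Review bot: Only `label` is entity-encoded here; `pageURI` (built from `node.getUri()` at the top of the hunk) and the `nav.getId() + "::" + node.getUri()` argument passed to `uicomponent.event(...)` for `onclickEvt` are left as they were. Where those values are written out is outside the hunk, so this needs checking against the rest of the template: if they end up in an href or onclick attribute, encode them at the point of output for that context, bearing in mind that HTML entity encoding alone is not sufficient inside a JavaScript string. The commit shows no import being added for `EntityEncoder`, so confirm the template already has one. A short comment above the new lines, e.g. `// truncate first, then encode, so an entity is never cut in half`, would record why the order matters.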