Author: theute
Date: 2011-04-13 06:26:26 -0400 (Wed, 13 Apr 2011)
New Revision: 6202
Modified:
portal/trunk/portlet/dashboard/src/main/webapp/groovy/dashboard/webui/component/UITabPaneDashboard.gtmpl
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarDashboardPortlet.gtmpl
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarGroupPortlet.gtmpl
Log:
GTNPORTAL-1858: XSS issue in dashboard new page creation
Modified:
portal/trunk/portlet/dashboard/src/main/webapp/groovy/dashboard/webui/component/UITabPaneDashboard.gtmpl
===================================================================
---
portal/trunk/portlet/dashboard/src/main/webapp/groovy/dashboard/webui/component/UITabPaneDashboard.gtmpl 2011-04-13
09:46:45 UTC (rev 6201)
+++
portal/trunk/portlet/dashboard/src/main/webapp/groovy/dashboard/webui/component/UITabPaneDashboard.gtmpl 2011-04-13
10:26:26 UTC (rev 6202)
@@ -6,6 +6,7 @@
import org.exoplatform.portal.webui.portal.UIPortal;
import org.exoplatform.portal.application.PortalRequestContext;
import org.exoplatform.web.application.JavascriptManager;
+ import org.gatein.common.text.EntityEncoder;
//PageNavigation pageNavigation = uicomponent.getPageNavigation();
//ArrayList<PageNode> nodes = pageNavigation.getNodes();
@@ -35,6 +36,8 @@
{
tabLabel = _ctx.appRes("UIUserToolBarDashboard.page." +
node.getLabel());
}
+ EntityEncoder encoder = EntityEncoder.FULL;
+ tabLabel = encoder.encode(tabLabel);
String param = "" + i;
if(node.getUri().equals(selectedNode.getUri())){
%>
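Review bot: The added `tabLabel = encoder.encode(tabLabel);` carries no comment saying which output context it protects, and the point where tabLabel is written out lies below the `%>`, outside this hunk. A short comment such as `// HTML-encode the page label before it is rendered in the tab markup (GTNPORTAL-1858)` would keep a later edit from dropping the call, or from reusing the encoded value in a script or attribute context where entity encoding alone may not be sufficient. The local `encoder` is used only once, so `tabLabel = EntityEncoder.FULL.encode(tabLabel);` would do the same in one line.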
Modified:
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarDashboardPortlet.gtmpl
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarDashboardPortlet.gtmpl 2011-04-13
09:46:45 UTC (rev 6201)
+++
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarDashboardPortlet.gtmpl 2011-04-13
10:26:26 UTC (rev 6202)
@@ -4,6 +4,7 @@
import org.exoplatform.web.application.JavascriptManager;
import org.exoplatform.portal.webui.util.Util ;
import org.exoplatform.webui.organization.OrganizationUtils;
+ import org.gatein.common.text.EntityEncoder;
def rcontext = _ctx.getRequestContext() ;
JavascriptManager jsmanager = rcontext.getJavascriptManager();
@@ -63,6 +64,8 @@
String title = "";
if(toolong) title = "title='$resolvedLabel'";
else title = "";
+ EntityEncoder entityEncoder = EntityEncoder.FULL;
+ label = entityEncoder.encode(label);
print """
<div class="MenuItem $tabStyleNavigation">
<div class="$clazz">
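Review bot: The context line `if(toolong) title = "title='$resolvedLabel'";` still interpolates the unencoded resolvedLabel into a single-quoted title attribute, so the added encoding of `label` does not cover the tooltip emitted for long names. If resolvedLabel carries the same user-supplied page name (it appears to, but its assignment is outside the hunk), encode it when building the attribute, e.g. `if(toolong) title = "title='" + EntityEncoder.FULL.encode(resolvedLabel) + "'";`. Also confirm that EntityEncoder.FULL escapes the single quote, or switch the attribute to double quotes. The same pattern is visible at `title='$node.resolvedLabel'` in the UIUserToolBarGroupPortlet.gtmpl hunk, which this commit changes only in whitespace.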
Modified:
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarGroupPortlet.gtmpl
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarGroupPortlet.gtmpl 2011-04-13
09:46:45 UTC (rev 6201)
+++
portal/trunk/portlet/exoadmin/src/main/webapp/groovy/admintoolbar/webui/component/UIUserToolBarGroupPortlet.gtmpl 2011-04-13
10:26:26 UTC (rev 6202)
@@ -49,7 +49,7 @@
String title = "";
if(toolong) title = "title='$node.resolvedLabel'";
else title = "";
- EntityEncoder entityEncoder = EntityEncoder.FULL;
+ EntityEncoder entityEncoder = EntityEncoder.FULL;
label = entityEncoder.encode(label);
print """
<div class="MenuItem $tabStyleNavigation portlet-menu-cascade-item">