Author: thomas.heute(a)jboss.com
Date: 2010-04-20 10:44:27 -0400 (Tue, 20 Apr 2010)
New Revision: 2685
Modified:
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
Log:
GTNPORTAL-1105: XSS in navigation management
Modified:
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
===================================================================
---
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2010-04-20
14:39:19 UTC (rev 2684)
+++
portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2010-04-20
14:44:27 UTC (rev 2685)
@@ -151,6 +151,8 @@
String pageURI = Util.getPortalRequestContext().getPortalURI() +
node.getUri();
String label = node.resolvedLabel;
if(label.length() > 30) label = label.substring(0,29) +
"...";
+ EntityEncoder entityEncoder = EntityEncoder.FULL;
+ label=entityEncoder.encode(label);
if(node.pageReference != null) {
if(uicomponent.isUseAjax()) {
String onclickEvt =
uicomponent.event("SelectNode", nav.getId() + "::" + node.getUri()) +
";return false;";
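Review bot: Only `label` is encoded; in the context lines of this hunk, `pageURI` (built from `node.getUri()`) and the `onclickEvt` string (built from `nav.getId()` and `node.getUri()`) are still assembled without any encoding. If either value can be set by someone editing the navigation, it needs encoding suited to where the template writes it: an attribute value for the link, a JavaScript string for the handler. Entity-encoding the label does not cover those contexts. Truncating before encoding is the right order, since cutting after encoding could split an entity in half. The two added lines can be collapsed to `label = EntityEncoder.FULL.encode(label);`, and because this diff contains no other hunk, it is worth confirming the template already imports `EntityEncoder`. The enclosing block starts and ends outside the hunk, so how these values are finally written into the markup is not visible here.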