Author: thomas.heute(a)jboss.com Date: 2010-04-20 10:44:27 -0400 (Tue, 20 Apr 2010) New Revision: 2685 Modified: portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl Log: GTNPORTAL-1105: XSS in navigation management Modified: portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl =================================================================== --- portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2010-04-20 14:39:19 UTC (rev 2684) +++ portal/trunk/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2010-04-20 14:44:27 UTC (rev 2685) @@ -151,6 +151,8 @@ String pageURI = Util.getPortalRequestContext().getPortalURI() + node.getUri(); String label = node.resolvedLabel; if(label.length() > 30) label = label.substring(0,29) + "..."; + EntityEncoder entityEncoder = EntityEncoder.FULL; + label=entityEncoder.encode(label); if(node.pageReference != null) { if(uicomponent.isUseAjax()) { String onclickEvt = uicomponent.event("SelectNode", nav.getId() + "::" + node.getUri()) + ";return false;";