Author: theute
Date: 2011-07-08 05:44:46 -0400 (Fri, 08 Jul 2011)
New Revision: 6841
Modified:
epp/portal/branches/EPP_5_1_Branch/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
Log:
JBEPP-997
XSS issue in category description
Modified:
epp/portal/branches/EPP_5_1_Branch/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java
===================================================================
---
epp/portal/branches/EPP_5_1_Branch/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java 2011-07-08
07:56:19 UTC (rev 6840)
+++
epp/portal/branches/EPP_5_1_Branch/webui/core/src/main/java/org/exoplatform/webui/form/UIFormTextAreaInput.java 2011-07-08
09:44:46 UTC (rev 6841)
@@ -21,6 +21,7 @@
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.commons.serialization.api.annotations.Serialized;
+import org.gatein.common.text.EntityEncoder;
import java.io.Writer;
@@ -41,6 +42,11 @@
*/
private int columns = 30;
+ /**
+ * HTML Entity Encoder
+ */
+ private EntityEncoder entityEncoder = EntityEncoder.FULL;
+
public UIFormTextAreaInput()
{
}
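Review bot: The new `entityEncoder` field holds what looks like a shared constant (`EntityEncoder.FULL`) in a mutable per-instance field, although it carries no per-form state and is never reassigned in the visible code. Declaring it `private static final EntityEncoder ENTITY_ENCODER = EntityEncoder.FULL;` (and writing `ENTITY_ENCODER.encode(value)` in the render hunk) gives one encoder per class and, if this class takes part in the state serialization whose `@Serialized` annotation is imported in the first hunk, keeps the encoder out of the serialized form; I cannot see the class header, so that part is an inference. The Javadoc `HTML Entity Encoder` would be more useful if it said why the field exists, e.g. `Encoder applied to the stored value on render so that user-supplied markup is shown as text (JBEPP-997).`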
@@ -72,7 +78,7 @@
w.append("
cols=\"").append(String.valueOf(columns)).append("\"");
w.write(">");
if (value != null)
- w.write(value);
+ w.write(entityEncoder.encode(value));
w.write("</textarea>");
if (this.isMandatory())
w.write(" *");
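Review bot: The encoding on the changed `w.write` line is applied in the right place (at output, not at storage), but nothing on the line records why, and a later maintainer could mistake it for double escaping and remove it; add `// Output-encode: value is user-supplied and is written inside <textarea>, so markup in it must render as text rather than close the element (JBEPP-997).` above the `if (value != null)`. Whether any caller already stores encoded values, which would now render double-encoded, cannot be judged from this hunk and is worth checking where `value` is assigned; the enclosing render method starts before the hunk. The un-braced `if (value != null)` body predates the change but is the kind of line an encoder call is easiest to drop from by accident; bracing it would be cheap here.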