Author: hfnukal
Date: 2011-08-10 09:40:33 -0400 (Wed, 10 Aug 2011)
New Revision: 7041
Modified:
epp/portal/branches/EPP_5_1_Branch/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java
Log:
JBEPP-997 XSS issue in category description
Modified:
epp/portal/branches/EPP_5_1_Branch/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java
===================================================================
---
epp/portal/branches/EPP_5_1_Branch/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java 2011-08-10
09:37:17 UTC (rev 7040)
+++
epp/portal/branches/EPP_5_1_Branch/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java 2011-08-10
13:40:33 UTC (rev 7041)
@@ -41,6 +41,7 @@
import org.exoplatform.webui.form.validator.StringLengthValidator;
import org.exoplatform.webui.organization.UIListPermissionSelector;
import
org.exoplatform.webui.organization.UIListPermissionSelector.EmptyIteratorValidator;
+import org.gatein.common.text.EntityEncoder;
import java.util.ArrayList;
import java.util.Date;
@@ -104,7 +105,7 @@
category_ = category;
uiSetting.getUIStringInput(FIELD_NAME).setEditable(false).setValue(category_.getName());
uiSetting.getUIStringInput(FIELD_DISPLAY_NAME).setValue(category_.getDisplayName());
-
uiSetting.getUIFormTextAreaInput(FIELD_DESCRIPTION).setValue(category_.getDescription());
+ uiSetting.getUIFormTextAreaInput(FIELD_DESCRIPTION).setValue(
EntityEncoder.FULL.encode(category_.getDescription()) );
List<String> accessPermissions = category_.getAccessPermissions();
String[] per = new String[accessPermissions.size()];
if (accessPermissions != null && accessPermissions.size() > 0)
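Review bot: The added `EntityEncoder.FULL.encode(category_.getDescription())` encodes the description when it is loaded into the editable text area, not where the description is written into HTML, so any other view that prints the description still has to encode it itself. If the save handler (outside this hunk) stores the field value back as-is, each edit-and-save cycle would persist an already encoded string and encode it again on the next load, so a literal `&` would end up as `&amp;amp;`. I would keep the raw value in the form and apply the encoder at the point of rendering, or at least add a comment here such as `// entity-encoded for display only; the save path must not persist this encoded form`. It is also worth confirming that `encode` tolerates null, since nothing visible guarantees `getDescription()` is non-null. The enclosing method begins and ends outside the hunk.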