Author: theute Date: 2011-04-13 05:46:45 -0400 (Wed, 13 Apr 2011) New Revision: 6201 Modified: portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl Log: GTNPORTAL-1858: XSS issue in dashboard new page creation Modified: portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl =================================================================== --- portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl 2011-04-13 06:55:43 UTC (rev 6200) +++ portal/trunk/web/portal/src/main/webapp/groovy/webui/core/UIPopupMessages.gtmpl 2011-04-13 09:46:45 UTC (rev 6201) @@ -7,7 +7,8 @@ * version: $Id$ */ %> -<% +<% + import org.gatein.common.text.EntityEncoder; String popupId = uicomponent.getId(); def rcontext = _ctx.getRequestContext(); @@ -69,6 +70,8 @@ } } } + EntityEncoder encoder = EntityEncoder.FULL; + msgValue = encoder.encode(msgValue); println msgValue; println " </div>"; println " <div style=\"clear:left\"><span></span></div>"; @@ -166,4 +169,4 @@ rcontext.getJavascriptManager().addJavascript("eXo.webui.UIPopupWindow.show('$popupId', $uicomponent.showMask);"); rcontext.getJavascriptManager().addJavascript("window.setTimeout(\"eXo.webui.UIPopupWindow.increasezIndex('$popupId')\", 100);"); } - %> \ No newline at end of file + %>