portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From woon...@apache.org
Subject svn commit: r1724142 - /portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/jetui/yui/jetui.jsp
Date Mon, 11 Jan 2016 23:12:12 GMT
Author: woonsan
Date: Mon Jan 11 23:12:11 2016
New Revision: 1724142

URL: http://svn.apache.org/viewvc?rev=1724142&view=rev
Log:
escaping jetui document title element for safety.

Modified:
    portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/jetui/yui/jetui.jsp

Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/jetui/yui/jetui.jsp
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/jetui/yui/jetui.jsp?rev=1724142&r1=1724141&r2=1724142&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/jetui/yui/jetui.jsp
(original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/jetui/yui/jetui.jsp
Mon Jan 11 23:12:11 2016
@@ -21,6 +21,7 @@ limitations under the License.
 <%@ page import="java.util.Map" %>
 <%@ page import="java.util.Set" %>
 <%@ page import="org.apache.commons.lang.StringUtils" %>
+<%@ page import="org.apache.commons.lang.StringEscapeUtils"%>
 <%@ page import="org.apache.jetspeed.JetspeedActions" %>
 <%@ page import="org.apache.jetspeed.ui.Jetui" %>
 <%@ page import="org.apache.jetspeed.ui.Toolbar" %>
@@ -101,7 +102,7 @@ limitations under the License.
 <html>
 <head>
 <meta http-equiv="content-type" content="<%=encoding%>"/>
-<title><%=jetui.getTitle(rc)%></title>
+<title><%=StringEscapeUtils.escapeXml(jetui.getTitle(rc))%></title>
 <link rel="shortcut icon" href="<%=baseUrl%>images/jetspeed.jpg" type="image/x-icon"
/>
 <script type="text/javascript" src="<%=request.getContextPath()%>/javascript/yui/build/yui/yui-min.js"></script>
 <script language="javascript">



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message