Author: taher Date: Sun Dec 17 12:00:50 2017 New Revision: 1818482 URL: http://svn.apache.org/viewvc?rev=1818482&view=rev Log: Implemented: enforce html encoding of request-strings passed to birt
Modified: ofbiz/branches/release16.11/specialpurpose/birt/webapp/birt/webcontent/birt/pages/common/Attributes.jsp
Modified: ofbiz/branches/release16.11/specialpurpose/birt/webapp/birt/webcontent/birt/pages/common/Attributes.jsp
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/specialpurpose/birt/webapp/birt/webcontent/birt/pages/common/Attributes.jsp?rev=1818482&r1=1818481&r2=1818482&view=diff
==============================================================================
--- ofbiz/branches/release16.11/specialpurpose/birt/webapp/birt/webcontent/birt/pages/common/Attributes.jsp (original)
+++ ofbiz/branches/release16.11/specialpurpose/birt/webapp/birt/webcontent/birt/pages/common/Attributes.jsp Sun Dec 17 12:00:50 2017
@@ -13,7 +13,7 @@
 {
 Constants.request = {};
 }
- Constants.request.format = '<%= ParameterAccessor.getFormat(request) %>';
+ Constants.request.format = '<%= ParameterAccessor.htmlEncode(ParameterAccessor.getFormat(request)) %>';
 Constants.request.rtl = <%= ParameterAccessor.isRtl( request ) %>;
 Constants.request.isDesigner = <%= ParameterAccessor.isDesigner() %>;
 Constants.request.servletPath = "<%= request.getAttribute( "ServletPath" ) %>".substr(1);
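Review bot: The encoded value on the `+` line is emitted inside a single-quoted JavaScript string literal, not into HTML text, so HTML encoding is the wrong escaping context for it: whether the value can still terminate the literal depends on whether `ParameterAccessor.htmlEncode` rewrites `'`, `\` and line terminators, which this hunk does not show, so that should be confirmed against its implementation and, if it does not, the value should be escaped for a JavaScript string (at minimum backslash, both quote characters, CR/LF and `</`) in addition to the HTML encoding. The adjacent `Constants.request.servletPath = "<%= request.getAttribute( "ServletPath" ) %>".substr(1);` line in the same hunk interpolates a request attribute into a double-quoted JS string with no encoding at all; if that attribute can be influenced by the caller it has the same exposure, and treating it the same way would keep the hunk consistent. A comment on the changed line such as `// inserted into a JS string literal: escape for that context, HTML encoding alone is not sufficient` would keep the intent visible to the next maintainer. The enclosing script block and its `if` begin before the hunk and continue after it.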