Author: rgielen Date: Sat Feb 18 17:44:04 2012 New Revision: 1290827 URL: http://svn.apache.org/viewvc?rev=1290827&view=rev Log: WW-3757 Show how to produce sanitized output of user inputted data
Modified: struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl Modified: struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl (original) +++ struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl Sat Feb 18 17:44:04 2012 
@@ -1,3 +1,3 @@ -<b>Hello from FreeMarker, ${firstName} ${lastName}!</b> +<b>Hello from FreeMarker, ${firstName?html} ${lastName?html}!</b> <p/> <a href="<@s.url action="index"/>">Back to front page</a> Modified: struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp (original) +++ struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp Sat Feb 18 17:44:04 2012 @@ -20,8 +20,8 @@ <s:iterator value="model"> <tr> <td>${id}</td> - <td>${clientName}</td> - <td>${amount}</td> + <td><s:property value="clientName"/></td> + <td><s:property value="amount"/></td> <td><a href="orders/${id}">View</a> | <a href="orders/${id}/edit">Edit</a> | <a href="orders/${id}/deleteConfirm">Delete</a></td> Modified: struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp (original) +++ struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp Sat Feb 18 17:44:04 2012 @@ -1,7 +1,9 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - + +<%@taglib prefix="s" uri="/struts-tags" %> + <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Order ${id}</title> 
@@ -14,11 +16,11 @@ </tr> <tr> <th>Client</th> - <td>${clientName}</td> + <td><s:property value="clientName"/></td> </tr> <tr> <th>Amount</th> - <td>${amount}</td> + <td><s:property value="amount"/></td> </tr> </table> <a href="../orders">Back to Orders</a> Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl (original) +++ struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl Sat Feb 18 17:44:04 2012 @@ -1,5 +1,5 @@ [ <#list options as option> - ["${option}"], + ["${option?html}"], </#list> ] \ No newline at end of file Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl (original) +++ struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl Sat Feb 18 17:44:04 2012 
@@ -1,3 +1,3 @@ Hello, <br/> -Today is ${todayDate}, the time now is ${todayTime} +Today is ${todayDate?html}, the time now is ${todayTime?html} Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl (original) +++ struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl Sat Feb 18 17:44:04 2012 @@ -1,2 +1,2 @@ -Hello, ${name} +Hello, ${name?html} Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl (original) +++ struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl Sat Feb 18 17:44:04 2012 @@ -1,2 +1,2 @@ -So, you are a ${gender} +So, you are a ${gender?html} Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl (original) +++ struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl Sat Feb 18 17:44:04 2012 
@@ -118,7 +118,7 @@ <div class="center"> <div class="box"> - <h3>Messages Posted In Room [${roomName?default('')}]</h3> + <h3>Messages Posted In Room [${roomName?default('')?html}]</h3> <@s.url id="url" value="/chat/ajax/messagesAvailableInRoom.action" includeContext="true"> <@s.param name="roomName" value="%{roomName}" /> </@s.url> @@ -143,7 +143,7 @@ <div class="right"> <div class="box"> - <h3>Users Available In Room [${roomName?default('')}]</h3> + <h3>Users Available In Room [${roomName?default('')?html}]</h3> <@s.url id="url" value="/chat/ajax/usersAvailableInRoom.action" includeContext="true"> <@s.param name="roomName" value="%{roomName}" /> </@s.url> Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl (original) +++ struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl Sat Feb 18 17:44:04 2012 @@ -1,6 +1,6 @@ <ul> <#list availableUsers as user> - <li>${user.name}</li> + <li>${user.name?html}</li> </#list> </ul> Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl (original) +++ struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl Sat Feb 18 17:44:04 2012 
@@ -6,7 +6,7 @@ <body> <#list actionMessages as msg> - ${msg} + ${msg?html} </#list> <@s.form action="guess" method="post"> Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl (original) +++ struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl Sat Feb 18 17:44:04 2012 @@ -13,9 +13,9 @@ There are ${peopleCount} people... </tr> <#list people as person> <tr> - <td>${person.id}</td> - <td>${person.name}</td> - <td>${person.lastName}</td> + <td>${person.id?html}</td> + <td>${person.name?html}</td> + <td>${person.lastName?html}</td> </tr> </#list> </table> Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl (original) +++ struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl Sat Feb 18 17:44:04 2012 
@@ -8,7 +8,7 @@ You have come to this page because you used an 'action' prefix.<p/> - The text you've enter is ${text?default('')}<p/> + The text you've entered is ${text?default('')?html}<p/> <@s.url id="url" action="actionPrefixExampleUsingFreemarker" namespace="/tags/non-ui/actionPrefix" /> <@s.a href="%{#url}">Back</@s.a> Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl (original) +++ struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl Sat Feb 18 17:44:04 2012 @@ -8,7 +8,7 @@ You have come to this page because you used an 'method' prefix.<p/> - The text you've enter is ${text?default('')}<p/> + The text you've enter is ${text?default('')?html}<p/> <@s.url id="url" action="actionPrefixExampleUsingFreemarker" namespace="/tags/non-ui/actionPrefix" /> <@s.a href="%{#url}">Back</@s.a> Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff ============================================================================== --- struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl (original) +++ struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl Sat Feb 18 17:44:04 2012 
@@ -11,7 +11,7 @@ Because this is a 'redirect-action', the text will be lost, due to a redirection implies a new request being issued from the client.<p/> - The text you've enter is ${text?default('')}<p/> + The text you've enter is ${text?default('')?html}<p/> <@s.url id="url" action="actionPrefixExampleUsingFreemarker" namespace="/tags/non-ui/actionPrefix" /> <@s.a href="%{#url}">Back</@s.a>
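Review bot: in the ajax/options.ftl hunk, `?html` is the wrong escaper for the output context. That template emits a JavaScript/JSON array literal (`["${option?html}"]`), so the value lands inside a double-quoted string literal, not in HTML text: `?html` leaves backslashes and line breaks untouched, so an option containing a newline still terminates the string literal early, and `&lt;`/`&quot;` reach the script consumer as literal entity text rather than the original characters. FreeMarker's `?js_string` built-in is the context-appropriate escaper for that line; keep `?html` for the templates whose output is HTML element content.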
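Review bot: the orders-index.jsp hunk escapes `clientName` and `amount` but leaves `${id}` raw in the first `<td>` and in the three `href` attributes of the unchanged context line (`orders/${id}`, `orders/${id}/edit`, `orders/${id}/deleteConfirm`). If `id` is always a server-assigned number this is harmless, but since the commit's purpose is to demonstrate sanitized output, render it with `<s:property value="id"/>` as well, or add a short comment stating why `id` is exempt so readers of the showcase do not copy the unescaped form.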
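Review bot: the orders-show.jsp hunk adds the `s` taglib declaration and escapes `clientName` and `amount`, but `<title>Order ${id}</title>` in the hunk's trailing context still prints `id` unescaped. Same remark as for orders-index.jsp: either use `<s:property value="id"/>` there too, or document that `id` is a numeric server-side value and not user-controlled.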
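Review bot: the methodPrefix.ftl hunk keeps the typo "The text you've enter is" on the `+` line, while the actionPrefix.ftl hunk in the same commit corrects it to "entered"; fix it here for consistency. The unchanged context line also reads "an 'method' prefix", which should be "a 'method' prefix".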
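Review bot: the redirectActionPrefix.ftl hunk has the same "you've enter" typo on its `+` line as methodPrefix.ftl, while actionPrefix.ftl was corrected to "entered" in this commit; the context sentence "due to a redirection implies a new request being issued from the client" would also read better as "because a redirect causes the client to issue a new request".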
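Review bot: for the freeMarkerExample.ftl hunk (and the other `?html` hunks), note in the log that `?html` escapes `<`, `>`, `&` and `"`, which is sufficient for the element-content positions used here, but in the FreeMarker 2.3.x releases of this era it does not escape `'`, so the pattern should not be reused inside single-quoted attribute values. Wrapping each template's body in `<#escape x as x?html>` would also stop a later `${...}` from reintroducing unescaped output, which is worth mentioning since these templates are meant as examples.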