Author: woonsan
Date: Mon Jan 11 23:15:38 2016
New Revision: 1724143
URL: http://svn.apache.org/viewvc?rev=1724143&view=rev
Log:
escape titles in page-navigator and breadcrumbs for safety
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/breadcrumbs.jsp
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/page-navigator.jsp
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/breadcrumbs.jsp
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/breadcrumbs.jsp?rev=1724143&r1=1724142&r2=1724143&view=diff
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/breadcrumbs.jsp
(original)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/breadcrumbs.jsp
Mon Jan 11 23:15:38 2016
@@ -16,6 +16,7 @@ limitations under the License.
--%>
<%@page import="java.util.List"%>
+<%@page import="org.apache.commons.lang.StringEscapeUtils"%>
<%@page import="org.apache.jetspeed.page.document.Node"%>
<%@page
import="org.apache.jetspeed.portlets.spaces.BreadcrumbMenu.BreadcrumbMenuItem"
%>
<%@ page contentType="text/html" %>
@@ -34,7 +35,7 @@ for (BreadcrumbMenuItem item : menus)
if (count == 1)
separator = "> ";
%>
-<span style='display: inline; color: #808080'><%=separator%></span><a
href="<%=item.getPath()%>"><%=item.getTitle() %></a>
+<span style='display: inline; color: #808080'><%=separator%></span><a
href="<%=item.getPath()%>"><%=StringEscapeUtils.escapeXml(item.getTitle())
%></a>
<%
count++;
}
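Review bot: The `href="<%=item.getPath()%>"` attribute on the same anchor is still emitted raw, so the commit escapes the link text but leaves the attribute value beside it untouched. If a node path can carry a double quote or `&`, the attribute breaks, or becomes injectable, in the same way the title could; applying the helper already imported, `href="<%=StringEscapeUtils.escapeXml(item.getPath())%>"`, keeps the whole element consistent. Whether paths are ever user-supplied I cannot tell from this hunk. The enclosing for loop over `menus` starts outside the hunk.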
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/page-navigator.jsp
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/page-navigator.jsp?rev=1724143&r1=1724142&r2=1724143&view=diff
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/page-navigator.jsp
(original)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/view/spaces/page-navigator.jsp
Mon Jan 11 23:15:38 2016
@@ -21,6 +21,7 @@ limitations under the License.
<%@page import="java.text.NumberFormat"%>
<%@page import="javax.portlet.RenderRequest"%>
<%@page import="javax.portlet.RenderResponse"%>
+<%@page import="org.apache.commons.lang.StringEscapeUtils"%>
<%@page import="org.apache.jetspeed.decoration.Theme" %>
<%@page import="org.apache.jetspeed.portlets.spaces.SpaceBean"%>
<%@page import="org.apache.jetspeed.om.folder.Folder" %>
@@ -65,7 +66,7 @@ private void printMenuItem(MenuElement e
styleClass = "active expanded";
}
out.write("<li type='" + type + "' nodeType='" + nodeType + "'
editable='" + editable + "' path='" + path + "' class='" + styleClass + "'>\n");
- out.write("<a href='" + pageNavigator.getAbsoluteUrl(url,
renderResponse, rc) + "'>" + title + "</a>\n");
+ out.write("<a href='" + pageNavigator.getAbsoluteUrl(url,
renderResponse, rc) + "'>" + StringEscapeUtils.escapeXml(title) + "</a>\n");
if (depth < maxDepth)
{
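Review bot: The `path='" + path + "'` attribute in the `out.write` call two lines above the changed line, and the `href` built from `getAbsoluteUrl(...)`, are still concatenated raw into single-quoted attributes while only `title` receives `escapeXml`. The same pattern recurs in the hunk at `@@ -95,7 +96,7 @@`. Since `escapeXml` in commons-lang also encodes the apostrophe (the five basic XML entities), wrapping the value as `path='" + StringEscapeUtils.escapeXml(path) + "'` in both places closes the attribute context with no further imports; whether `type`, `nodeType`, `editable` and `styleClass` can hold anything other than fixed literals is not visible here. `printMenuItem` begins and ends outside this hunk.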
@@ -95,7 +96,7 @@ private void printMenuItem(MenuElement e
styleClass = "active leaf";
}
out.write("<li type='" + type + "' nodeType='" + nodeType + "'
editable='" + editable + "' path='" + path +"' class='" + styleClass + "'>");
- out.write("<a href='" + pageNavigator.getAbsoluteUrl(url,
renderResponse, rc) + "'>" + title + "</a>");
+ out.write("<a href='" + pageNavigator.getAbsoluteUrl(url,
renderResponse, rc) + "'>" + StringEscapeUtils.escapeXml(title) + "</a>");
out.write("</li>\n");
}
}
@@ -173,7 +174,7 @@ for (MenuElement element : linkElements)
<fmt:message key="spaces.pages.label.template"/>:
<select name="templatePage" class="portlet-form-field">
<c:forEach items="${templatePages}" var="templatePage">
- <option
value="${templatePage.path}">${templatePage.title}</option>
+ <option value="${templatePage.path}"><c:out
value="${templatePage.title}"/></option>
</c:forEach>
</select>
</td>
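Review bot: The `value="${templatePage.path}"` attribute on the new `<option>` line is still raw EL output, while only the title is routed through `<c:out>`. JSP EL performs no escaping of its own, so a path containing `"` or `&` can break out of the attribute just as the title could break out of the element; the same applies to `path='${space.path}'` and `value='${space.path}'` in the hunk at `@@ -225,7 +226,7 @@`. Writing the attribute as `value="<c:out value='${templatePage.path}'/>"` reuses the tag the commit already relies on, and `c:out` escapes quotes as well as angle brackets by default. The enclosing form markup continues outside the hunk.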
@@ -225,7 +226,7 @@ for (MenuElement element : linkElements)
<ul class="navmenu">
<li path='${space.path}' class='expanded'>
<input type='radio' name='targetFolder' value='${space.path}'/>
- <a href='#'>${space.title}</a>
+ <a href='#'><c:out value="${space.title}"/></a>
<ul id="<portlet:namespace/>targetSubFolders" class="navmenu">
</ul>
</li>