Author: woonsan
Date: Mon Jan 11 23:12:11 2016
New Revision: 1724142

URL: http://svn.apache.org/viewvc?rev=1724142&view=rev
Log:
escaping jetui document title element for safety.

Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/jetui/yui/jetui.jsp Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/jetui/yui/jetui.jsp URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/jetui/yui/jetui.jsp?rev=1724142&r1=1724141&r2=1724142&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/jetui/yui/jetui.jsp (original) +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/jetui/yui/jetui.jsp Mon Jan 11 23:12:11 2016 @@ -21,6 +21,7 @@ limitations under the License. <%@ page import="java.util.Map" %> <%@ page import="java.util.Set" %> <%@ page import="org.apache.commons.lang.StringUtils" %> +<%@ page import="org.apache.commons.lang.StringEscapeUtils"%> <%@ page import="org.apache.jetspeed.JetspeedActions" %> <%@ page import="org.apache.jetspeed.ui.Jetui" %> <%@ page import="org.apache.jetspeed.ui.Toolbar" %> @@ -101,7 +102,7 @@ limitations under the License. <html> <head> <meta http-equiv="content-type" content="<%=encoding%>"/> -<title><%=jetui.getTitle(rc)%></title> +<title><%=StringEscapeUtils.escapeXml(jetui.getTitle(rc))%></title> <link rel="shortcut icon" href="<%=baseUrl%>images/jetspeed.jpg" type="image/x-icon" /> <script type="text/javascript" src="<%=request.getContextPath()%>/javascript/yui/build/yui/yui-min.js"></script> <script language="javascript"> --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org
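
Review bot: The added import line in the first hunk (@@ -21,6 +21,7 @@) closes the directive as `StringEscapeUtils"%>` with no space before `%>`, while every neighbouring page import in the context lines ends with `" %>`. Add the space so the directive block stays uniform.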
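
Review bot: In the second hunk (@@ -101,7 +102,7 @@), the new `<title>` line calls `StringEscapeUtils.escapeXml` on a value that is written into an HTML page. escapeXml encodes an apostrophe as `&apos;`, which is not an HTML 4 entity, so a title containing `'` can be shown with the raw entity text by browsers that follow HTML 4. `StringEscapeUtils.escapeHtml` from the same class fits this output context better. The context lines of the same hunk still write `<%=encoding%>` and `<%=baseUrl%>` into attribute values unescaped. If either can carry request-influenced data, it should get attribute-safe escaping in this change or a follow-up.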