Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/jetspeed/tigrisNavigations.jsp URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/jetspeed/tigrisNavigations.jsp?rev=1726469&r1=1726468&r2=1726469&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/jetspeed/tigrisNavigations.jsp (original) +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/jetspeed/tigrisNavigations.jsp Sun Jan 24 08:08:04 2016 @@ -20,6 +20,7 @@ limitations under the License. <%@taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> <%@taglib uri="http://java.sun.com/portlet" prefix="portlet" %> +<%@page import="org.apache.commons.lang.StringEscapeUtils"%> <%@page import="org.apache.commons.logging.Log"%> <%@page import="org.apache.commons.logging.LogFactory"%> <%@page import="org.apache.jetspeed.portalsite.PortalSiteRequestContext"%> @@ -119,8 +120,8 @@ limitations under the License. append("<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkPage\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } @@ -136,8 +137,8 @@ limitations under the License. sb.append(" target=\"").append(lnkTarget).append("\""); } sb.append(" class=\"Link\" ").append(" title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } else if (menuType == FOLDER_TYPE) 
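Review bot: `lnkUrl` is still appended raw into `href="…"` in the `@@ -119` hunk, next to the title and name that are now escaped, and `lnkTarget` reaches `target="…"` the same way in `@@ -136`. If either value can contain a double quote the attribute can still be closed early, so I would wrap them too: `append(StringEscapeUtils.escapeXml(lnkUrl))` and `append(StringEscapeUtils.escapeXml(lnkTarget))`. Where these variables are assigned is outside the hunks, so confirm whether they are already encoded upstream; attribute escaping also does not restrict the URL scheme, which would need a separate allow-list check. The same pattern recurs in the other `<a href>` hunks of the tigrisNavigations.jsp sections, with `tabUrl` in `@@ -635`, and as `$linkUrl`, `$tabUrl` and `$linkTarget` in the decorator-macros.vm hunks.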
@@ -147,8 +148,8 @@ limitations under the License. append("<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkFolder\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } @@ -196,14 +197,14 @@ limitations under the License. if (orientation == LEFT_TO_RIGHT) { sb.append(TAB_INDENT_2). - append("<span title=\"").append(menuTitle).append("\">"). - append(menuName).append(" </span>\n"); + append("<span title=\"").append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(" </span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(menuTitle).append("\">"). - append(menuName).append(TAB_INDENT_2). + append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(TAB_INDENT_2). append("</div>\n"); } } @@ -250,8 +251,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"LinkPage\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } else if (menuType == LINK_TYPE) @@ -259,8 +260,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"Link\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } 
@@ -269,8 +270,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"LinkFolder\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } else @@ -278,8 +279,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } @@ -297,14 +298,14 @@ limitations under the License. if (orientation == LEFT_TO_RIGHT) { sb.append(TAB_INDENT_2).append("<span title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append(" ").append("</span>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append(" ").append("</span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</div>\n"); } } // Not BREADCRUMB_STYLE etc. 
@@ -320,14 +321,14 @@ limitations under the License. sepText = ""; if (orientation == LEFT_TO_RIGHT) { - sb.append(TAB_INDENT_2).append("<span title=\"").append(sepTitle).append("\">"). - append(sepText).append(delimiter).append("</span>\n"); + sb.append(TAB_INDENT_2).append("<span title=\"").append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append(delimiter).append("</span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(sepTitle).append("\">"). - append(sepText).append("</div>\n"); + append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); } } @@ -336,15 +337,15 @@ limitations under the License. { if (orientation == LEFT_TO_RIGHT) { - sb.append(TAB_INDENT_2).append("<span title=\"").append(menuTitle).append("\">"). - append(menuName).append(" ").append("</span>\n"); + sb.append(TAB_INDENT_2).append("<span title=\"").append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(" ").append("</span>\n"); } else { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(menuTitle).append("\">"). - append(menuName).append("</div>\n"); + append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append("</div>\n"); } } @@ -419,8 +420,8 @@ limitations under the License. sb.append("\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkPage\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } else if (menuType == LINK_TYPE) 
@@ -432,16 +433,16 @@ limitations under the License. append(lnkUrl).append("\""). append(" target=\"").append(lnkTarget).append("\" "). append("class=\"Link\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } else if (menuType == FOLDER_TYPE) { sb.append("\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkFolder\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } rowStarted = true; @@ -490,7 +491,7 @@ limitations under the License. append("\t\t\t\t\t\t\t</div>\n"); } sb.append("\t\t\t\t\t\t\t\t<div class=\"label\">"). - append(sepText).append("</div>\n"); + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); rowStarted = true; elmStarted = false; //already outputed } @@ -523,9 +524,9 @@ limitations under the License. { sb.append("\t\t\t\t\t\t\t\t\t"). append("<div class=\"pagetitle\" "). - append("title=\"").append(menuTitle). - append("\">").append(menuName). - append(menuName).append("</div>\n"); + append("title=\"").append(StringEscapeUtils.escapeXml(menuTitle)). + append("\">").append(StringEscapeUtils.escapeXml(menuName)). + append(StringEscapeUtils.escapeXml(menuName)).append("</div>\n"); } sb.append("\t\t\t\t\t\t\t\t\t").append("<div><!-- S: nested menu -->\n"); 
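Review bot: `menuName` is appended twice in the `@@ -523` hunk, so the nested-menu `pagetitle` div prints the name two times; the commit wraps both calls in `escapeXml` instead of dropping the duplicate. The matching Velocity macro (`@@ -139` in decorator-macros.vm) prints the name once, which suggests the repetition is unintended. I would reduce the new lines to `append("\">").append(StringEscapeUtils.escapeXml(menuName)).` followed directly by `append("</div>\n");`. The same duplicate is carried over in the `@@ -523` hunk of oldstyle/tigrisNavigations.jsp; the enclosing block starts and ends outside the hunk.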
@@ -563,8 +564,8 @@ limitations under the License. sepText = ""; sb.append("\t\t\t\t\t\t\t\t"). append("<div class=\"pagetitle\" "). - append(" title=\"").append(sepTitle).append("\">"). - append(sepText).append("</div>\n"); + append(" title=\"").append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); } } //while @@ -622,7 +623,7 @@ limitations under the License. append("<td class=\"LTabLeft\" nowrap=\"nowrap\"> </td>\n"). append(TAB_INDENT_3). append("<td class=\"LTab\" align=\"center\" valign=\"middle\" nowrap=\"nowrap\" title=\""). - append(tabTitle).append("\">").append(tabName).append("</td>\n"). + append(StringEscapeUtils.escapeXml(tabTitle)).append("\">").append(StringEscapeUtils.escapeXml(tabName)).append("</td>\n"). append(TAB_INDENT_3). append("<td class=\"LTabRight\" nowrap=\"nowrap\"> </td>\n"); @@ -635,9 +636,9 @@ limitations under the License. append(TAB_INDENT_3). append("<td class=\"LTabLow\" align=\"center\" "). append("valign=\"middle\" nowrap=\"nowrap\" title=\""). - append(tabTitle).append("\">"). + append(StringEscapeUtils.escapeXml(tabTitle)).append("\">"). append("<a href=\"").append(tabUrl).append("\">"). - append(tabName). + append(StringEscapeUtils.escapeXml(tabName)). append("</a>").append("</td>\n"). append(TAB_INDENT_3). append("<td class=\"LTabRightLow\" nowrap=\"nowrap\"> </td>\n");
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/oldstyle/decorator-macros.vm URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/oldstyle/decorator-macros.vm?rev=1726469&r1=1726468&r2=1726469&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/oldstyle/decorator-macros.vm (original) +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/oldstyle/decorator-macros.vm Sun Jan 24 08:08:04 2016 @@ -34,10 +34,10 @@ #set($tabName = $element.getShortTitle($preferedLocale)) #if($_orientation == $LEFT_TO_RIGHT) #if($element.isSelected($site)) - <li>${tabName}</li> + <li>$esc.xml(${tabName})</li> #else #set($tabUrl = $jetspeed.getAbsoluteUrl($element.url)) - <li><a href="$tabUrl">${tabName}</a></li> + <li><a href="$tabUrl">$esc.xml(${tabName})</a></li> #end #end #end @@ -62,10 +62,10 @@ #if($_title == $TITLE_FIRST) #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!menuTitle">${menuName} </span> + <span title="$!menuTitle">$esc.xml(${menuName}) </span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div class="pagetitle" title="$!menuTitle">${menuName}</div> + <div class="pagetitle" title="$!esc.xml($!menuTitle)">$esc.xml(${menuName})</div> #end #end #foreach($element in $_menu.elements.iterator()) 
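Review bot: The LEFT_TO_RIGHT branch of the `@@ -62` hunk still emits `title="$!menuTitle"` unescaped, while the TOP_TO_BOTTOM branch just below it and the same hunk in purpleplanet/decorator-macros.vm use `$!esc.xml($!menuTitle)`. A menu title containing a double quote would therefore still break out of the attribute in this one layout and orientation. The added line should read `<span title="$!esc.xml($!menuTitle)">$esc.xml(${menuName}) </span>`.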
@@ -83,16 +83,16 @@ #end #if($element.type == "page") - <a href="$linkUrl" class="LinkPage" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" class="LinkPage" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #elseif($element.type == "link") - <a href="$linkUrl" class="Link" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" class="Link" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #elseif($element.type == "folder") - <a href="$linkUrl" class="LinkFolder" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" class="LinkFolder" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #else - <a href="$linkUrl" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #end #if($_orientation == $LEFT_TO_RIGHT) ${__delimiter}</span> @@ -103,10 +103,10 @@ #else #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!linkTitle">${linkName} </span> + <span title="$!esc.xml($!linkTitle)">$esc.xml(${linkName}) </span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div title="$!linkTitle">${linkName}</div> + <div title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</div> #end #end #elseif($element.elementType == "separator") 
@@ -114,20 +114,20 @@ #set($separatorText = $element.getText($preferedLocale)) #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!separatorTitle">${separatorText}${__delimiter}</span> + <span title="$!esc.xml($!separatorTitle)">$esc.xml(${separatorText})${__delimiter}</span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div class="pagetitle" title="$!separatorTitle">${separatorText}</div> + <div class="pagetitle" title="$!esc.xml($!separatorTitle)">$esc.xml(${separatorText})</div> #end #end #end #if($_title == $TITLE_LAST) #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!menuTitle">${menuName} </span> + <span title="$!esc.xml($!menuTitle)">$esc.xml(${menuName}) </span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div class="pagetitle" title="$!menuTitle">${menuName}</div> + <div class="pagetitle" title="$!esc.xml($!menuTitle)">$esc.xml(${menuName})</div> #end #end @@ -139,7 +139,7 @@ #set($menuTitle = $_menu.getTitle($preferedLocale)) #set($menuName = $_menu.getShortTitle($preferedLocale)) #if($menuName) - <div class="pagetitle" title="$!menuTitle">${menuName}</div> + <div class="pagetitle" title="$!esc.xml($!menuTitle)">$esc.xml(${menuName})</div> #end <div> #foreach($element in $_menu.elements.iterator()) 
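Review bot: The element text in the `@@ -114` hunk is written as `$esc.xml(${separatorText})` without the quiet `$!` that the title attribute beside it uses, so a separator with no text would presumably render the reference literally instead of rendering nothing. The JSP counterpart guards this case with `sepText = "";` before output (`@@ -320`). For consistency I would write `$!esc.xml($!separatorText)`, and likewise for the `${menuName}`, `${linkName}` and `${tabName}` bodies in the other hunks of both decorator-macros.vm files. Whether these getters can return null is not visible here, so treat this as a robustness and style point.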
@@ -148,19 +148,19 @@ #set($linkName = $element.getShortTitle($preferedLocale)) #set($linkUrl = $jetspeed.getAbsoluteUrl($element.url)) #if($element.type == "page") - <div><a href="$linkUrl" class="LinkPage" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" class="LinkPage" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "link") #set($linkTarget = $element.target) - <div><a href="$linkUrl" target="$linkTarget" class="Link" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" target="$linkTarget" class="Link" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "folder") - <div><a href="$linkUrl" class="LinkFolder" title="$!linkTitle">$linkName</a></div> + <div><a href="$linkUrl" class="LinkFolder" title="$!esc.xml($!linkTitle)">$esc.xml($linkName)</a></div> #end #elseif($element.elementType == "menu") #includeNestedLinksWithIconNavigation($element $_orientation) #elseif($element.elementType == "separator") #set($separatorTitle = $element.getTitle($preferedLocale)) #set($separatorText = $element.getText($preferedLocale)) - <div class="pagetitle" title="$!separatorTitle">${separatorText}</div> + <div class="pagetitle" title="$!esc.xml($!separatorTitle)">$esc.xml(${separatorText})</div> #end #end </div> 
@@ -186,12 +186,12 @@ #set($linkName = $element.getShortTitle($preferedLocale)) #set($linkUrl = $jetspeed.getAbsoluteUrl($element.url)) #if($element.type == "page") - <div><a href="$linkUrl" class="LinkPage" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" class="LinkPage" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "link") #set($linkTarget = $element.target) - <div><a href="$linkUrl" target="$!linkTarget" class="Link" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" target="$!linkTarget" class="Link" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "folder") - <div><a href="$linkUrl" class="LinkFolder" title="$!linkTitle">$linkName</a></div> + <div><a href="$linkUrl" class="LinkFolder" title="$!esc.xml($!linkTitle)">$esc.xml($linkName)</a></div> #end #set($rowStarted = true) #set($elementsStarted = true) @@ -221,7 +221,7 @@ #set($separatorTitle = $element.getTitle($preferedLocale)) #set($separatorText = $element.getText($preferedLocale)) <div class="label"> - ${separatorText} + $esc.xml(${separatorText}) </div> #set($rowStarted = true) #set($elementsStarted = false) 
@@ -248,14 +248,14 @@ #set($tabName = $element.getShortTitle($preferedLocale)) #if($element.isSelected($site)) <td class="LTabLeft" nowrap="nowrap"> </td> - <td class="LTab" align="center" valign="middle" nowrap="nowrap" title="$!tabTitle">${tabName}</td> + <td class="LTab" align="center" valign="middle" nowrap="nowrap" title="$!esc.xml($!tabTitle)">$esc.xml(${tabName})</td> <td class="LTabRight" nowrap="nowrap"> </td> #set ($sitem = $element) #set ($found = "true") #else #set($tabUrl = $jetspeed.getAbsoluteUrl($element.url)) <td class="LTabLeftLow" nowrap="nowrap"> </td> - <td class="LTabLow" align="center" valign="middle" nowrap="nowrap" title="$!tabTitle"><a href="$tabUrl">${tabName}</a></td> + <td class="LTabLow" align="center" valign="middle" nowrap="nowrap" title="$!esc.xml($!tabTitle)"><a href="$tabUrl">$esc.xml(${tabName})</a></td> <td class="LTabRightLow" nowrap="nowrap"> </td> #end #else Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/oldstyle/tigrisNavigations.jsp URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/oldstyle/tigrisNavigations.jsp?rev=1726469&r1=1726468&r2=1726469&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/oldstyle/tigrisNavigations.jsp (original) +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/oldstyle/tigrisNavigations.jsp Sun Jan 24 08:08:04 2016 
@@ -20,6 +20,7 @@ limitations under the License. <%@taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> <%@taglib uri="http://java.sun.com/portlet" prefix="portlet" %> +<%@page import="org.apache.commons.lang.StringEscapeUtils"%> <%@page import="org.apache.commons.logging.Log"%> <%@page import="org.apache.commons.logging.LogFactory"%> <%@page import="org.apache.jetspeed.portalsite.PortalSiteRequestContext"%> @@ -119,8 +120,8 @@ limitations under the License. append("<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkPage\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } @@ -136,8 +137,8 @@ limitations under the License. sb.append(" target=\"").append(lnkTarget).append("\""); } sb.append(" class=\"Link\" ").append(" title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } else if (menuType == FOLDER_TYPE) @@ -147,8 +148,8 @@ limitations under the License. append("<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkFolder\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } 
@@ -196,14 +197,14 @@ limitations under the License. if (orientation == LEFT_TO_RIGHT) { sb.append(TAB_INDENT_2). - append("<span title=\"").append(menuTitle).append("\">"). - append(menuName).append(" </span>\n"); + append("<span title=\"").append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(" </span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(menuTitle).append("\">"). - append(menuName).append(TAB_INDENT_2). + append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(TAB_INDENT_2). append("</div>\n"); } } @@ -250,8 +251,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"LinkPage\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } else if (menuType == LINK_TYPE) @@ -259,8 +260,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"Link\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } @@ -269,8 +270,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"LinkFolder\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } else 
@@ -278,8 +279,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } @@ -297,14 +298,14 @@ limitations under the License. if (orientation == LEFT_TO_RIGHT) { sb.append(TAB_INDENT_2).append("<span title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append(" ").append("</span>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append(" ").append("</span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</div>\n"); } } // Not BREADCRUMB_STYLE etc. @@ -320,14 +321,14 @@ limitations under the License. sepText = ""; if (orientation == LEFT_TO_RIGHT) { - sb.append(TAB_INDENT_2).append("<span title=\"").append(sepTitle).append("\">"). - append(sepText).append(delimiter).append("</span>\n"); + sb.append(TAB_INDENT_2).append("<span title=\"").append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append(delimiter).append("</span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(sepTitle).append("\">"). - append(sepText).append("</div>\n"); + append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); } } 
@@ -336,15 +337,15 @@ limitations under the License. { if (orientation == LEFT_TO_RIGHT) { - sb.append(TAB_INDENT_2).append("<span title=\"").append(menuTitle).append("\">"). - append(menuName).append(" ").append("</span>\n"); + sb.append(TAB_INDENT_2).append("<span title=\"").append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(" ").append("</span>\n"); } else { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(menuTitle).append("\">"). - append(menuName).append("</div>\n"); + append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append("</div>\n"); } } @@ -419,8 +420,8 @@ limitations under the License. sb.append("\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkPage\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } else if (menuType == LINK_TYPE) 
@@ -432,16 +433,16 @@ limitations under the License. append(lnkUrl).append("\""). append(" target=\"").append(lnkTarget).append("\" "). append("class=\"Link\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } else if (menuType == FOLDER_TYPE) { sb.append("\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkFolder\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } rowStarted = true; @@ -490,7 +491,7 @@ limitations under the License. append("\t\t\t\t\t\t\t</div>\n"); } sb.append("\t\t\t\t\t\t\t\t<div class=\"label\">"). - append(sepText).append("</div>\n"); + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); rowStarted = true; elmStarted = false; //already outputed } @@ -523,9 +524,9 @@ limitations under the License. { sb.append("\t\t\t\t\t\t\t\t\t"). append("<div class=\"pagetitle\" "). - append("title=\"").append(menuTitle). - append("\">").append(menuName). - append(menuName).append("</div>\n"); + append("title=\"").append(StringEscapeUtils.escapeXml(menuTitle)). + append("\">").append(StringEscapeUtils.escapeXml(menuName)). + append(StringEscapeUtils.escapeXml(menuName)).append("</div>\n"); } sb.append("\t\t\t\t\t\t\t\t\t").append("<div><!-- S: nested menu -->\n"); 
@@ -563,8 +564,8 @@ limitations under the License. sepText = ""; sb.append("\t\t\t\t\t\t\t\t"). append("<div class=\"pagetitle\" "). - append(" title=\"").append(sepTitle).append("\">"). - append(sepText).append("</div>\n"); + append(" title=\"").append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); } } //while @@ -622,7 +623,7 @@ limitations under the License. append("<td class=\"LTabLeft\" nowrap=\"nowrap\"> </td>\n"). append(TAB_INDENT_3). append("<td class=\"LTab\" align=\"center\" valign=\"middle\" nowrap=\"nowrap\" title=\""). - append(tabTitle).append("\">").append(tabName).append("</td>\n"). + append(StringEscapeUtils.escapeXml(tabTitle)).append("\">").append(StringEscapeUtils.escapeXml(tabName)).append("</td>\n"). append(TAB_INDENT_3). append("<td class=\"LTabRight\" nowrap=\"nowrap\"> </td>\n"); 
@@ -635,9 +636,9 @@ limitations under the License. append(TAB_INDENT_3). append("<td class=\"LTabLow\" align=\"center\" "). append("valign=\"middle\" nowrap=\"nowrap\" title=\""). - append(tabTitle).append("\">"). + append(StringEscapeUtils.escapeXml(tabTitle)).append("\">"). append("<a href=\"").append(tabUrl).append("\">"). - append(tabName). + append(StringEscapeUtils.escapeXml(tabName)). append("</a>").append("</td>\n"). append(TAB_INDENT_3). append("<td class=\"LTabRightLow\" nowrap=\"nowrap\"> </td>\n"); Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/purpleplanet/decorator-macros.vm URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/purpleplanet/decorator-macros.vm?rev=1726469&r1=1726468&r2=1726469&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/purpleplanet/decorator-macros.vm (original) +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/purpleplanet/decorator-macros.vm Sun Jan 24 08:08:04 2016 @@ -34,10 +34,10 @@ #set($tabName = $element.getShortTitle($preferedLocale)) #if($_orientation == $LEFT_TO_RIGHT) #if($element.isSelected($site)) - <li>${tabName}</li> + <li>$esc.xml(${tabName})</li> #else #set($tabUrl = $jetspeed.getAbsoluteUrl($element.url)) - <li><a href="$tabUrl">${tabName}</a></li> + <li><a href="$tabUrl">$esc.xml(${tabName})</a></li> #end #end #end 
@@ -62,10 +62,10 @@ #if($_title == $TITLE_FIRST) #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!menuTitle">${menuName} </span> + <span title="$!esc.xml($!menuTitle)">$esc.xml(${menuName}) </span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div class="pagetitle" title="$!menuTitle">${menuName}</div> + <div class="pagetitle" title="$!esc.xml($!menuTitle)">$esc.xml(${menuName})</div> #end #end #foreach($element in $_menu.elements.iterator()) @@ -83,16 +83,16 @@ #end #if($element.type == "page") - <a href="$linkUrl" class="LinkPage" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" class="LinkPage" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #elseif($element.type == "link") - <a href="$linkUrl" class="Link" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" class="Link" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #elseif($element.type == "folder") - <a href="$linkUrl" class="LinkFolder" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" class="LinkFolder" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #else - <a href="$linkUrl" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #end #if($_orientation == $LEFT_TO_RIGHT) ${__delimiter}</span> @@ -103,10 +103,10 @@ #else #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!linkTitle">${linkName} </span> + <span title="$!esc.xml($!linkTitle)">$esc.xml(${linkName}) </span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div title="$!linkTitle">${linkName}</div> + <div title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</div> #end #end #elseif($element.elementType == "separator") 
@@ -114,20 +114,20 @@ #set($separatorText = $element.getText($preferedLocale)) #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!separatorTitle">${separatorText}${__delimiter}</span> + <span title="$!esc.xml($!separatorTitle)">$esc.xml(${separatorText})${__delimiter}</span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div class="pagetitle" title="$!separatorTitle">${separatorText}</div> + <div class="pagetitle" title="$!esc.xml($!separatorTitle)">$esc.xml(${separatorText})</div> #end #end #end #if($_title == $TITLE_LAST) #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!menuTitle">${menuName} </span> + <span title="$!esc.xml($!menuTitle)">$esc.xml(${menuName}) </span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div class="pagetitle" title="$!menuTitle">${menuName}</div> + <div class="pagetitle" title="$!esc.xml($!menuTitle)">$esc.xml(${menuName})</div> #end #end @@ -139,7 +139,7 @@ #set($menuTitle = $_menu.getTitle($preferedLocale)) #set($menuName = $_menu.getShortTitle($preferedLocale)) #if($menuName) - <div class="pagetitle" title="$!menuTitle">${menuName}</div> + <div class="pagetitle" title="$!esc.xml($!menuTitle)">$esc.xml(${menuName})</div> #end <div> #foreach($element in $_menu.elements.iterator()) 
@@ -148,19 +148,19 @@ #set($linkName = $element.getShortTitle($preferedLocale)) #set($linkUrl = $jetspeed.getAbsoluteUrl($element.url)) #if($element.type == "page") - <div><a href="$linkUrl" class="LinkPage" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" class="LinkPage" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "link") #set($linkTarget = $element.target) - <div><a href="$linkUrl" target="$linkTarget" class="Link" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" target="$linkTarget" class="Link" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "folder") - <div><a href="$linkUrl" class="LinkFolder" title="$!linkTitle">$linkName</a></div> + <div><a href="$linkUrl" class="LinkFolder" title="$!esc.xml($!linkTitle)">$esc.xml($linkName)</a></div> #end #elseif($element.elementType == "menu") #includeNestedLinksWithIconNavigation($element $_orientation) #elseif($element.elementType == "separator") #set($separatorTitle = $element.getTitle($preferedLocale)) #set($separatorText = $element.getText($preferedLocale)) - <div class="pagetitle" title="$!separatorTitle">${separatorText}</div> + <div class="pagetitle" title="$!esc.xml($!separatorTitle)">$esc.xml(${separatorText})</div> #end #end </div> 
@@ -186,12 +186,12 @@ #set($linkName = $element.getShortTitle($preferedLocale)) #set($linkUrl = $jetspeed.getAbsoluteUrl($element.url)) #if($element.type == "page") - <div><a href="$linkUrl" class="LinkPage" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" class="LinkPage" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "link") #set($linkTarget = $element.target) - <div><a href="$linkUrl" target="$!linkTarget" class="Link" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" target="$!linkTarget" class="Link" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "folder") - <div><a href="$linkUrl" class="LinkFolder" title="$!linkTitle">$linkName</a></div> + <div><a href="$linkUrl" class="LinkFolder" title="$!esc.xml($!linkTitle)">$esc.xml($linkName)</a></div> #end #set($rowStarted = true) #set($elementsStarted = true) @@ -221,7 +221,7 @@ #set($separatorTitle = $element.getTitle($preferedLocale)) #set($separatorText = $element.getText($preferedLocale)) <div class="label"> - ${separatorText} + $esc.xml(${separatorText}) </div> #set($rowStarted = true) #set($elementsStarted = false) 
@@ -248,14 +248,14 @@ #set($tabName = $element.getShortTitle($preferedLocale)) #if($element.isSelected($site)) <td class="LTabLeft" nowrap="nowrap"> </td> - <td class="LTab" align="center" valign="middle" nowrap="nowrap" title="$!tabTitle">${tabName}</td> + <td class="LTab" align="center" valign="middle" nowrap="nowrap" title="$!esc.xml($!tabTitle)">$esc.xml(${tabName})</td> <td class="LTabRight" nowrap="nowrap"> </td> #set ($sitem = $element) #set ($found = "true") #else #set($tabUrl = $jetspeed.getAbsoluteUrl($element.url)) <td class="LTabLeftLow" nowrap="nowrap"> </td> - <td class="LTabLow" align="center" valign="middle" nowrap="nowrap" title="$!tabTitle"><a href="$tabUrl">${tabName}</a></td> + <td class="LTabLow" align="center" valign="middle" nowrap="nowrap" title="$!esc.xml($!tabTitle)"><a href="$tabUrl">$esc.xml(${tabName})</a></td> <td class="LTabRightLow" nowrap="nowrap"> </td> #end #else Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/purpleplanet/tigrisNavigations.jsp URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/purpleplanet/tigrisNavigations.jsp?rev=1726469&r1=1726468&r2=1726469&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/purpleplanet/tigrisNavigations.jsp (original) +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/purpleplanet/tigrisNavigations.jsp Sun Jan 24 08:08:04 2016 
@@ -20,6 +20,7 @@ limitations under the License. <%@taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> <%@taglib uri="http://java.sun.com/portlet" prefix="portlet" %> +<%@page import="org.apache.commons.lang.StringEscapeUtils"%> <%@page import="org.apache.commons.logging.Log"%> <%@page import="org.apache.commons.logging.LogFactory"%> <%@page import="org.apache.jetspeed.portalsite.PortalSiteRequestContext"%> @@ -119,8 +120,8 @@ limitations under the License. append("<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkPage\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } @@ -136,8 +137,8 @@ limitations under the License. sb.append(" target=\"").append(lnkTarget).append("\""); } sb.append(" class=\"Link\" ").append(" title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } else if (menuType == FOLDER_TYPE) @@ -147,8 +148,8 @@ limitations under the License. append("<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkFolder\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } 
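Review bot: `append(lnkUrl)` in the `-119,8` and `-147,8` hunks and `append(lnkTarget)` in the `-136,8` hunk still go into quoted attributes unescaped, while the title and name beside them are now wrapped in `StringEscapeUtils.escapeXml`. Whether `lnkUrl` is already encoded where it is assigned cannot be seen from these hunks, and the enclosing method starts outside them. If it is not, `append(StringEscapeUtils.escapeXml(lnkUrl))` and `append(StringEscapeUtils.escapeXml(lnkTarget))` would close the remaining attribute contexts. The same pattern recurs in the later hunks of this file (for example `tabUrl` in `-635,9`) and in the turbo copy of `tigrisNavigations.jsp`.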
@@ -196,14 +197,14 @@ limitations under the License. if (orientation == LEFT_TO_RIGHT) { sb.append(TAB_INDENT_2). - append("<span title=\"").append(menuTitle).append("\">"). - append(menuName).append(" </span>\n"); + append("<span title=\"").append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(" </span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(menuTitle).append("\">"). - append(menuName).append(TAB_INDENT_2). + append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(TAB_INDENT_2). append("</div>\n"); } } @@ -250,8 +251,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"LinkPage\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } else if (menuType == LINK_TYPE) @@ -259,8 +260,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"Link\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } @@ -269,8 +270,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"LinkFolder\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } else 
@@ -278,8 +279,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } @@ -297,14 +298,14 @@ limitations under the License. if (orientation == LEFT_TO_RIGHT) { sb.append(TAB_INDENT_2).append("<span title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append(" ").append("</span>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append(" ").append("</span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</div>\n"); } } // Not BREADCRUMB_STYLE etc. @@ -320,14 +321,14 @@ limitations under the License. sepText = ""; if (orientation == LEFT_TO_RIGHT) { - sb.append(TAB_INDENT_2).append("<span title=\"").append(sepTitle).append("\">"). - append(sepText).append(delimiter).append("</span>\n"); + sb.append(TAB_INDENT_2).append("<span title=\"").append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append(delimiter).append("</span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(sepTitle).append("\">"). - append(sepText).append("</div>\n"); + append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); } } 
@@ -336,15 +337,15 @@ limitations under the License. { if (orientation == LEFT_TO_RIGHT) { - sb.append(TAB_INDENT_2).append("<span title=\"").append(menuTitle).append("\">"). - append(menuName).append(" ").append("</span>\n"); + sb.append(TAB_INDENT_2).append("<span title=\"").append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(" ").append("</span>\n"); } else { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(menuTitle).append("\">"). - append(menuName).append("</div>\n"); + append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append("</div>\n"); } } @@ -419,8 +420,8 @@ limitations under the License. sb.append("\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkPage\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } else if (menuType == LINK_TYPE) 
@@ -432,16 +433,16 @@ limitations under the License. append(lnkUrl).append("\""). append(" target=\"").append(lnkTarget).append("\" "). append("class=\"Link\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } else if (menuType == FOLDER_TYPE) { sb.append("\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkFolder\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } rowStarted = true; @@ -490,7 +491,7 @@ limitations under the License. append("\t\t\t\t\t\t\t</div>\n"); } sb.append("\t\t\t\t\t\t\t\t<div class=\"label\">"). - append(sepText).append("</div>\n"); + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); rowStarted = true; elmStarted = false; //already outputed } @@ -523,9 +524,9 @@ limitations under the License. { sb.append("\t\t\t\t\t\t\t\t\t"). append("<div class=\"pagetitle\" "). - append("title=\"").append(menuTitle). - append("\">").append(menuName). - append(menuName).append("</div>\n"); + append("title=\"").append(StringEscapeUtils.escapeXml(menuTitle)). + append("\">").append(StringEscapeUtils.escapeXml(menuName)). + append(StringEscapeUtils.escapeXml(menuName)).append("</div>\n"); } sb.append("\t\t\t\t\t\t\t\t\t").append("<div><!-- S: nested menu -->\n"); 
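Review bot: The `-523,9` hunk keeps the chain `append(StringEscapeUtils.escapeXml(menuName)). append(StringEscapeUtils.escapeXml(menuName))`, so the nested menu's short title is written twice inside the `pagetitle` div. The duplication predates this commit, but the other `pagetitle` outputs in the file append the name once, so it looks unintended. Dropping the second call leaves `append("\">").append(StringEscapeUtils.escapeXml(menuName)).append("</div>\n");`. The turbo copy of this file carries the same line in its own `-523,9` hunk.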
@@ -563,8 +564,8 @@ limitations under the License. sepText = ""; sb.append("\t\t\t\t\t\t\t\t"). append("<div class=\"pagetitle\" "). - append(" title=\"").append(sepTitle).append("\">"). - append(sepText).append("</div>\n"); + append(" title=\"").append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); } } //while @@ -622,7 +623,7 @@ limitations under the License. append("<td class=\"LTabLeft\" nowrap=\"nowrap\"> </td>\n"). append(TAB_INDENT_3). append("<td class=\"LTab\" align=\"center\" valign=\"middle\" nowrap=\"nowrap\" title=\""). - append(tabTitle).append("\">").append(tabName).append("</td>\n"). + append(StringEscapeUtils.escapeXml(tabTitle)).append("\">").append(StringEscapeUtils.escapeXml(tabName)).append("</td>\n"). append(TAB_INDENT_3). append("<td class=\"LTabRight\" nowrap=\"nowrap\"> </td>\n"); 
@@ -635,9 +636,9 @@ limitations under the License. append(TAB_INDENT_3). append("<td class=\"LTabLow\" align=\"center\" "). append("valign=\"middle\" nowrap=\"nowrap\" title=\""). - append(tabTitle).append("\">"). + append(StringEscapeUtils.escapeXml(tabTitle)).append("\">"). append("<a href=\"").append(tabUrl).append("\">"). - append(tabName). + append(StringEscapeUtils.escapeXml(tabName)). append("</a>").append("</td>\n"). append(TAB_INDENT_3). append("<td class=\"LTabRightLow\" nowrap=\"nowrap\"> </td>\n"); Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/turbo/decorator-macros.vm URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/turbo/decorator-macros.vm?rev=1726469&r1=1726468&r2=1726469&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/turbo/decorator-macros.vm (original) +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/turbo/decorator-macros.vm Sun Jan 24 08:08:04 2016 @@ -34,10 +34,10 @@ #set($tabName = $element.getShortTitle($preferedLocale)) #if($_orientation == $LEFT_TO_RIGHT) #if($element.isSelected($site)) - <li>${tabName}</li> + <li>$esc.xml(${tabName})</li> #else #set($tabUrl = $jetspeed.getAbsoluteUrl($element.url)) - <li><a href="$tabUrl">${tabName}</a></li> + <li><a href="$tabUrl">$esc.xml(${tabName})</a></li> #end #end #end 
@@ -62,10 +62,10 @@ #if($_title == $TITLE_FIRST) #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!menuTitle">${menuName} </span> + <span title="$!esc.xml($!menuTitle)">$esc.xml(${menuName}) </span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div class="pagetitle" title="$!menuTitle">${menuName}</div> + <div class="pagetitle" title="$!esc.xml($!menuTitle)">$esc.xml(${menuName})</div> #end #end #foreach($element in $_menu.elements.iterator()) @@ -83,16 +83,16 @@ #end #if($element.type == "page") - <a href="$linkUrl" class="LinkPage" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" class="LinkPage" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #elseif($element.type == "link") - <a href="$linkUrl" class="Link" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" class="Link" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #elseif($element.type == "folder") - <a href="$linkUrl" class="LinkFolder" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" class="LinkFolder" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #else - <a href="$linkUrl" title="$!linkTitle">${linkName}</a> + <a href="$linkUrl" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a> #end #if($_orientation == $LEFT_TO_RIGHT) ${__delimiter}</span> @@ -103,10 +103,10 @@ #else #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!linkTitle">${linkName} </span> + <span title="$!esc.xml($!linkTitle)">$esc.xml(${linkName}) </span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div title="$!linkTitle">${linkName}</div> + <div title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</div> #end #end #elseif($element.elementType == "separator") 
@@ -114,20 +114,20 @@ #set($separatorText = $element.getText($preferedLocale)) #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!separatorTitle">${separatorText}${__delimiter}</span> + <span title="$!esc.xml($!separatorTitle)">$esc.xml(${separatorText})${__delimiter}</span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div class="pagetitle" title="$!separatorTitle">${separatorText}</div> + <div class="pagetitle" title="$!esc.xml($!separatorTitle)">$esc.xml(${separatorText})</div> #end #end #end #if($_title == $TITLE_LAST) #if($_orientation == $LEFT_TO_RIGHT) - <span title="$!menuTitle">${menuName} </span> + <span title="$!esc.xml($!menuTitle)">$esc.xml(${menuName}) </span> #elseif($_orientation == $TOP_TO_BOTTOM) - <div class="pagetitle" title="$!menuTitle">${menuName}</div> + <div class="pagetitle" title="$!esc.xml($!menuTitle)">$esc.xml(${menuName})</div> #end #end @@ -139,7 +139,7 @@ #set($menuTitle = $_menu.getTitle($preferedLocale)) #set($menuName = $_menu.getShortTitle($preferedLocale)) #if($menuName) - <div class="pagetitle" title="$!menuTitle">${menuName}</div> + <div class="pagetitle" title="$!esc.xml($!menuTitle)">$esc.xml(${menuName})</div> #end <div> #foreach($element in $_menu.elements.iterator()) 
@@ -148,19 +148,19 @@ #set($linkName = $element.getShortTitle($preferedLocale)) #set($linkUrl = $jetspeed.getAbsoluteUrl($element.url)) #if($element.type == "page") - <div><a href="$linkUrl" class="LinkPage" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" class="LinkPage" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "link") #set($linkTarget = $element.target) - <div><a href="$linkUrl" target="$linkTarget" class="Link" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" target="$linkTarget" class="Link" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "folder") - <div><a href="$linkUrl" class="LinkFolder" title="$!linkTitle">$linkName</a></div> + <div><a href="$linkUrl" class="LinkFolder" title="$!esc.xml($!linkTitle)">$esc.xml($linkName)</a></div> #end #elseif($element.elementType == "menu") #includeNestedLinksWithIconNavigation($element $_orientation) #elseif($element.elementType == "separator") #set($separatorTitle = $element.getTitle($preferedLocale)) #set($separatorText = $element.getText($preferedLocale)) - <div class="pagetitle" title="$!separatorTitle">${separatorText}</div> + <div class="pagetitle" title="$!esc.xml($!separatorTitle)">$esc.xml(${separatorText})</div> #end #end </div> 
@@ -186,12 +186,12 @@ #set($linkName = $element.getShortTitle($preferedLocale)) #set($linkUrl = $jetspeed.getAbsoluteUrl($element.url)) #if($element.type == "page") - <div><a href="$linkUrl" class="LinkPage" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" class="LinkPage" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "link") #set($linkTarget = $element.target) - <div><a href="$linkUrl" target="$!linkTarget" class="Link" title="$!linkTitle">${linkName}</a></div> + <div><a href="$linkUrl" target="$!linkTarget" class="Link" title="$!esc.xml($!linkTitle)">$esc.xml(${linkName})</a></div> #elseif($element.type == "folder") - <div><a href="$linkUrl" class="LinkFolder" title="$!linkTitle">$linkName</a></div> + <div><a href="$linkUrl" class="LinkFolder" title="$!esc.xml($!linkTitle)">$esc.xml($linkName)</a></div> #end #set($rowStarted = true) #set($elementsStarted = true) @@ -221,7 +221,7 @@ #set($separatorTitle = $element.getTitle($preferedLocale)) #set($separatorText = $element.getText($preferedLocale)) <div class="label"> - ${separatorText} + $esc.xml(${separatorText}) </div> #set($rowStarted = true) #set($elementsStarted = false) 
@@ -248,14 +248,14 @@ #set($tabName = $element.getShortTitle($preferedLocale)) #if($element.isSelected($site)) <td class="LTabLeft" nowrap="nowrap"> </td> - <td class="LTab" align="center" valign="middle" nowrap="nowrap" title="$!tabTitle">${tabName}</td> + <td class="LTab" align="center" valign="middle" nowrap="nowrap" title="$!esc.xml($!tabTitle)">$esc.xml(${tabName})</td> <td class="LTabRight" nowrap="nowrap"> </td> #set ($sitem = $element) #set ($found = "true") #else #set($tabUrl = $jetspeed.getAbsoluteUrl($element.url)) <td class="LTabLeftLow" nowrap="nowrap"> </td> - <td class="LTabLow" align="center" valign="middle" nowrap="nowrap" title="$!tabTitle"><a href="$tabUrl">${tabName}</a></td> + <td class="LTabLow" align="center" valign="middle" nowrap="nowrap" title="$!esc.xml($!tabTitle)"><a href="$tabUrl">$esc.xml(${tabName})</a></td> <td class="LTabRightLow" nowrap="nowrap"> </td> #end #else Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/turbo/tigrisNavigations.jsp URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/turbo/tigrisNavigations.jsp?rev=1726469&r1=1726468&r2=1726469&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/turbo/tigrisNavigations.jsp (original) +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/decorations/layout/turbo/tigrisNavigations.jsp Sun Jan 24 08:08:04 2016 
@@ -20,6 +20,7 @@ limitations under the License. <%@taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> <%@taglib uri="http://java.sun.com/portlet" prefix="portlet" %> +<%@page import="org.apache.commons.lang.StringEscapeUtils"%> <%@page import="org.apache.commons.logging.Log"%> <%@page import="org.apache.commons.logging.LogFactory"%> <%@page import="org.apache.jetspeed.portalsite.PortalSiteRequestContext"%> @@ -119,8 +120,8 @@ limitations under the License. append("<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkPage\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } @@ -136,8 +137,8 @@ limitations under the License. sb.append(" target=\"").append(lnkTarget).append("\""); } sb.append(" class=\"Link\" ").append(" title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } else if (menuType == FOLDER_TYPE) @@ -147,8 +148,8 @@ limitations under the License. append("<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkFolder\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n"). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n"). append(TAB_INDENT_1).append("</div>\n"); } 
@@ -196,14 +197,14 @@ limitations under the License. if (orientation == LEFT_TO_RIGHT) { sb.append(TAB_INDENT_2). - append("<span title=\"").append(menuTitle).append("\">"). - append(menuName).append(" </span>\n"); + append("<span title=\"").append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(" </span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(menuTitle).append("\">"). - append(menuName).append(TAB_INDENT_2). + append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(TAB_INDENT_2). append("</div>\n"); } } @@ -250,8 +251,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"LinkPage\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } else if (menuType == LINK_TYPE) @@ -259,8 +260,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"Link\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } @@ -269,8 +270,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" class=\"LinkFolder\" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } else 
@@ -278,8 +279,8 @@ limitations under the License. sb.append("<a href=\""). append(lnkUrl).append("\""). append(" title=\""). - append(lnkTitle).append("\">"). - append(lnkName). + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)). append("</a>"); } @@ -297,14 +298,14 @@ limitations under the License. if (orientation == LEFT_TO_RIGHT) { sb.append(TAB_INDENT_2).append("<span title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append(" ").append("</span>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append(" ").append("</span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</div>\n"); } } // Not BREADCRUMB_STYLE etc. @@ -320,14 +321,14 @@ limitations under the License. sepText = ""; if (orientation == LEFT_TO_RIGHT) { - sb.append(TAB_INDENT_2).append("<span title=\"").append(sepTitle).append("\">"). - append(sepText).append(delimiter).append("</span>\n"); + sb.append(TAB_INDENT_2).append("<span title=\"").append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append(delimiter).append("</span>\n"); } else if (orientation == TOP_TO_BOTTOM) { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(sepTitle).append("\">"). - append(sepText).append("</div>\n"); + append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); } } 
@@ -336,15 +337,15 @@ limitations under the License. { if (orientation == LEFT_TO_RIGHT) { - sb.append(TAB_INDENT_2).append("<span title=\"").append(menuTitle).append("\">"). - append(menuName).append(" ").append("</span>\n"); + sb.append(TAB_INDENT_2).append("<span title=\"").append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append(" ").append("</span>\n"); } else { sb.append(TAB_INDENT_2).append("<div class=\"pagetitle\" title=\""). - append(menuTitle).append("\">"). - append(menuName).append("</div>\n"); + append(StringEscapeUtils.escapeXml(menuTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(menuName)).append("</div>\n"); } } @@ -419,8 +420,8 @@ limitations under the License. sb.append("\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkPage\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } else if (menuType == LINK_TYPE) 
@@ -432,16 +433,16 @@ limitations under the License. append(lnkUrl).append("\""). append(" target=\"").append(lnkTarget).append("\" "). append("class=\"Link\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } else if (menuType == FOLDER_TYPE) { sb.append("\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<a href=\""). append(lnkUrl).append("\""). append("class=\"LinkFolder\" ").append("title=\""). - append(lnkTitle).append("\">"). - append(lnkName).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); + append(StringEscapeUtils.escapeXml(lnkTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(lnkName)).append("</a>\n\t\t\t\t\t\t\t\t</div>\n"); } rowStarted = true; @@ -490,7 +491,7 @@ limitations under the License. append("\t\t\t\t\t\t\t</div>\n"); } sb.append("\t\t\t\t\t\t\t\t<div class=\"label\">"). - append(sepText).append("</div>\n"); + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); rowStarted = true; elmStarted = false; //already outputed } @@ -523,9 +524,9 @@ limitations under the License. { sb.append("\t\t\t\t\t\t\t\t\t"). append("<div class=\"pagetitle\" "). - append("title=\"").append(menuTitle). - append("\">").append(menuName). - append(menuName).append("</div>\n"); + append("title=\"").append(StringEscapeUtils.escapeXml(menuTitle)). + append("\">").append(StringEscapeUtils.escapeXml(menuName)). + append(StringEscapeUtils.escapeXml(menuName)).append("</div>\n"); } sb.append("\t\t\t\t\t\t\t\t\t").append("<div><!-- S: nested menu -->\n"); 
@@ -563,8 +564,8 @@ limitations under the License. sepText = ""; sb.append("\t\t\t\t\t\t\t\t"). append("<div class=\"pagetitle\" "). - append(" title=\"").append(sepTitle).append("\">"). - append(sepText).append("</div>\n"); + append(" title=\"").append(StringEscapeUtils.escapeXml(sepTitle)).append("\">"). + append(StringEscapeUtils.escapeXml(sepText)).append("</div>\n"); } } //while @@ -622,7 +623,7 @@ limitations under the License. append("<td class=\"LTabLeft\" nowrap=\"nowrap\"> </td>\n"). append(TAB_INDENT_3). append("<td class=\"LTab\" align=\"center\" valign=\"middle\" nowrap=\"nowrap\" title=\""). - append(tabTitle).append("\">").append(tabName).append("</td>\n"). + append(StringEscapeUtils.escapeXml(tabTitle)).append("\">").append(StringEscapeUtils.escapeXml(tabName)).append("</td>\n"). append(TAB_INDENT_3). append("<td class=\"LTabRight\" nowrap=\"nowrap\"> </td>\n"); @@ -635,9 +636,9 @@ limitations under the License. append(TAB_INDENT_3). append("<td class=\"LTabLow\" align=\"center\" "). append("valign=\"middle\" nowrap=\"nowrap\" title=\""). - append(tabTitle).append("\">"). + append(StringEscapeUtils.escapeXml(tabTitle)).append("\">"). append("<a href=\"").append(tabUrl).append("\">"). - append(tabName). + append(StringEscapeUtils.escapeXml(tabName)). append("</a>").append("</td>\n"). append(TAB_INDENT_3). append("<td class=\"LTabRightLow\" nowrap=\"nowrap\"> </td>\n"); --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org