Changeset 1530:e351294c9550

Timestamp:

10/20/10 16:49:05 (3 years ago)

Author:

Thomas Gambet <tgambet@…>

Branch:

default

Message:

~ fixed another xss vulnerability

Files:

• WebContent/WEB-INF/resources/templates/index.vm (modified) (2 diffs)

WebContent/WEB-INF/resources/templates/index.vm

@@ -39 +39 @@
                                                 <p>
                                                         <label title="$uri_title" for="ucn_uri"><span>$uri_label</span>
-                                                                <input type="text" name="${param_prefix}uri" id="ucn_uri" size="45" value="#if($param_uri && $param_uri!='referer')$!param_uri#end"/>
+                                                                <input type="text" name="${param_prefix}uri" id="ucn_uri" size="45" value="#if($param_uri && $param_uri!='referer')$esc.xml($param_uri)#end"/>
                                                         </label>
                                                 </p>
@@ -68 +68 @@
                                                 <p class="instructions">$instruction-by-input</p>
                                                 <p>
-                                                        <textarea id="ucn_text" name="${param_prefix}text" rows="12" cols="70">$!param_text</textarea>
+                                                        <textarea id="ucn_text" name="${param_prefix}text" rows="12" cols="70">$esc.xml($!param_text)</textarea>
                                                         #mimeList($current_task)
                                                 </p>