Posted to commits@ofbiz.apache.org by ja...@apache.org on 2013/01/14 10:36:37 UTC
svn commit: r1432850 - in /ofbiz/branches/release11.04: ./
framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java
Author: jacopoc
Date: Mon Jan 14 09:36:37 2013
New Revision: 1432850
URL: http://svn.apache.org/viewvc?rev=1432850&view=rev
Log:
Applied fix from trunk for revision: 1432833
===
The Image.alt is now escaped to prevent the risk of an XSS attack.
Modified:
ofbiz/branches/release11.04/ (props changed)
ofbiz/branches/release11.04/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java
Propchange: ofbiz/branches/release11.04/
------------------------------------------------------------------------------
Merged /ofbiz/trunk:r1432833
Modified: ofbiz/branches/release11.04/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release11.04/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java?rev=1432850&r1=1432849&r2=1432850&view=diff
==============================================================================
--- ofbiz/branches/release11.04/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java (original)
+++ ofbiz/branches/release11.04/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java Mon Jan 14 09:36:37 2013
@@ -1554,7 +1554,12 @@ public abstract class ModelScreenWidget
}
public String getAlt(Map<String, Object> context) {
- return this.alt.expandString(context);
+ String alt = this.alt.expandString(context);
+ StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder");
+ if (simpleEncoder != null) {
+ alt = simpleEncoder.encode(alt);
+ }
+ return alt;
}
public String getUrlMode() {