Posted to commits@struts.apache.org by rg...@apache.org on 2012/02/18 18:44:05 UTC
svn commit: r1290827 - in /struts/struts2/trunk/apps:
portlet/src/main/webapp/WEB-INF/view/
rest-showcase/src/main/webapp/WEB-INF/content/ showcase/src/main/webapp/ajax/
showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/
showcase/src/main/webapp/cha...
Author: rgielen
Date: Sat Feb 18 17:44:04 2012
New Revision: 1290827
URL: http://svn.apache.org/viewvc?rev=1290827&view=rev
Log:
WW-3757
Show how to produce sanitized output of user-supplied data
Modified:
struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl
struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp
struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp
struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl
struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl
Modified: struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl (original)
+++ struts/struts2/trunk/apps/portlet/src/main/webapp/WEB-INF/view/freeMarkerExample.ftl Sat Feb 18 17:44:04 2012
@@ -1,3 +1,3 @@
-<b>Hello from FreeMarker, ${firstName} ${lastName}!</b>
+<b>Hello from FreeMarker, ${firstName?html} ${lastName?html}!</b>
<p/>
<a href="<@s.url action="index"/>">Back to front page</a>
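Review bot: `?html` on the new line is the right escaper here because `firstName` and `lastName` land in element text content, but readers of the showcase should know its limit: in FreeMarker releases of this period `?html` rewrites only `<`, `>`, `&` and `"`, not the apostrophe, so the same idiom is not sufficient inside a single-quoted attribute or a `<script>` block. Every other `?html` hunk in this commit is also a text-content use, so they are fine as written. Since the stated purpose of the commit is to demonstrate sanitized output, a template comment would make that intent explicit, e.g. `<#-- ?html escapes user-supplied values for element text content; attribute and script contexts need a context-specific escaper -->`.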
Modified: struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp (original)
+++ struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-index.jsp Sat Feb 18 17:44:04 2012
@@ -20,8 +20,8 @@
<s:iterator value="model">
<tr>
<td>${id}</td>
- <td>${clientName}</td>
- <td>${amount}</td>
+ <td><s:property value="clientName"/></td>
+ <td><s:property value="amount"/></td>
<td><a href="orders/${id}">View</a> |
<a href="orders/${id}/edit">Edit</a> |
<a href="orders/${id}/deleteConfirm">Delete</a></td>
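Review bot: `${id}` is still emitted raw in the first `<td>` and inside the three `href` attributes at the end of the hunk, while the neighbouring columns now go through `<s:property>`, which HTML-escapes by default. If `id` is always numeric this is harmless, but the row is otherwise inconsistent; for the cell use `<td><s:property value="id"/></td>`, and note that the path segment in `href="orders/${id}"` is a URL context that `<s:property>` would not encode anyway, so if `id` can ever be a non-numeric string the links should be built with `<s:url>` so the value is URL-encoded. The same raw `${id}` remains in `<title>Order ${id}</title>` in the orders-show.jsp hunk below; the enclosing table markup starts outside this hunk.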
Modified: struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp (original)
+++ struts/struts2/trunk/apps/rest-showcase/src/main/webapp/WEB-INF/content/orders-show.jsp Sat Feb 18 17:44:04 2012
@@ -1,7 +1,9 @@
<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.1 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
+
+<%@taglib prefix="s" uri="/struts-tags" %>
+
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Order ${id}</title>
@@ -14,11 +16,11 @@
</tr>
<tr>
<th>Client</th>
- <td>${clientName}</td>
+ <td><s:property value="clientName"/></td>
</tr>
<tr>
<th>Amount</th>
- <td>${amount}</td>
+ <td><s:property value="amount"/></td>
</tr>
</table>
<a href="../orders">Back to Orders</a>
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/options.ftl Sat Feb 18 17:44:04 2012
@@ -1,5 +1,5 @@
[
<#list options as option>
- ["${option}"],
+ ["${option?html}"],
</#list>
]
\ No newline at end of file
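Review bot: `?html` on the new `["${option?html}"]` line is the wrong escaper for this template, because the output is a JavaScript/JSON array literal rather than HTML: `?html` leaves backslashes and line breaks unescaped, which can still break the string literal, and turns a double quote into `&quot;`, which then shows up verbatim in the option text. Use the string-literal escaper instead, `["${option?js_string}"],`, or `?json_string` if the consuming script parses the response as strict JSON and the FreeMarker version in use provides it. If the client then inserts these strings into the page as HTML, it has to escape again on its own side; one escaper per output context.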
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel1.ftl Sat Feb 18 17:44:04 2012
@@ -1,3 +1,3 @@
Hello, <br/>
-Today is ${todayDate}, the time now is ${todayTime}
+Today is ${todayDate?html}, the time now is ${todayTime?html}
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel2Submit.ftl Sat Feb 18 17:44:04 2012
@@ -1,2 +1,2 @@
-Hello, ${name}
+Hello, ${name?html}
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/ajax/tabbedpanel/nodecorate/panel3Submit.ftl Sat Feb 18 17:44:04 2012
@@ -1,2 +1,2 @@
-So, you are a ${gender}
+So, you are a ${gender?html}
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/chat/showRoom.ftl Sat Feb 18 17:44:04 2012
@@ -118,7 +118,7 @@
<div class="center">
<div class="box">
- <h3>Messages Posted In Room [${roomName?default('')}]</h3>
+ <h3>Messages Posted In Room [${roomName?default('')?html}]</h3>
<@s.url id="url" value="/chat/ajax/messagesAvailableInRoom.action" includeContext="true">
<@s.param name="roomName" value="%{roomName}" />
</...@s.url>
@@ -143,7 +143,7 @@
<div class="right">
<div class="box">
- <h3>Users Available In Room [${roomName?default('')}]</h3>
+ <h3>Users Available In Room [${roomName?default('')?html}]</h3>
<@s.url id="url" value="/chat/ajax/usersAvailableInRoom.action" includeContext="true">
<@s.param name="roomName" value="%{roomName}" />
</...@s.url>
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/chat/usersAvailable.ftl Sat Feb 18 17:44:04 2012
@@ -1,6 +1,6 @@
<ul>
<#list availableUsers as user>
- <li>${user.name}</li>
+ <li>${user.name?html}</li>
</#list>
</ul>
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/continuations/guess.ftl Sat Feb 18 17:44:04 2012
@@ -6,7 +6,7 @@
<body>
<#list actionMessages as msg>
- ${msg}
+ ${msg?html}
</#list>
<@s.form action="guess" method="post">
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/person/list-people.ftl Sat Feb 18 17:44:04 2012
@@ -13,9 +13,9 @@ There are ${peopleCount} people...
</tr>
<#list people as person>
<tr>
- <td>${person.id}</td>
- <td>${person.name}</td>
- <td>${person.lastName}</td>
+ <td>${person.id?html}</td>
+ <td>${person.name?html}</td>
+ <td>${person.lastName?html}</td>
</tr>
</#list>
</table>
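Review bot: `${person.id?html}` on the new line is harmless but worth a second look if `person.id` is a number rather than a string: applying a string built-in makes FreeMarker format the number with the current number format first, which may introduce locale grouping separators (for example `1,000`) that the previous `${person.id}` output also had, so nothing regresses, but if the id is purely numeric the escape adds nothing and `${person.id}` would be clearer about which values are untrusted text. The `${peopleCount}` in the hunk header line is likewise a count and needs no escaping. This is inferred from the field name; confirm the property's type in the Person model before changing it.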
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/actionPrefix.ftl Sat Feb 18 17:44:04 2012
@@ -8,7 +8,7 @@
You have come to this page because you used an 'action' prefix.<p/>
- The text you've enter is ${text?default('')}<p/>
+ The text you've entered is ${text?default('')?html}<p/>
<@s.url id="url" action="actionPrefixExampleUsingFreemarker" namespace="/tags/non-ui/actionPrefix" />
<@s.a href="%{#url}">Back</...@s.a>
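Review bot: the new line also changes the visible wording from "enter" to "entered", while the same sentence in the methodPrefix.ftl and redirectActionPrefix.ftl hunks keeps "enter", so the three showcase pages now disagree; either apply the wording fix in all three (`The text you've entered is ${text?default('')?html}<p/>`) or leave the text alone in an escaping-only commit. The escaping change itself is correct, and the order matters: `?default('')` must precede `?html`, since `?html` on a missing `text` would raise instead of rendering an empty string.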
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/methodPrefix.ftl Sat Feb 18 17:44:04 2012
@@ -8,7 +8,7 @@
You have come to this page because you used an 'method' prefix.<p/>
- The text you've enter is ${text?default('')}<p/>
+ The text you've enter is ${text?default('')?html}<p/>
<@s.url id="url" action="actionPrefixExampleUsingFreemarker" namespace="/tags/non-ui/actionPrefix" />
<@s.a href="%{#url}">Back</...@s.a>
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl?rev=1290827&r1=1290826&r2=1290827&view=diff
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/tags/non-ui/actionPrefix/redirectActionPrefix.ftl Sat Feb 18 17:44:04 2012
@@ -11,7 +11,7 @@
Because this is a 'redirect-action', the text will be lost, due to a redirection
implies a new request being issued from the client.<p/>
- The text you've enter is ${text?default('')}<p/>
+ The text you've enter is ${text?default('')?html}<p/>
<@s.url id="url" action="actionPrefixExampleUsingFreemarker" namespace="/tags/non-ui/actionPrefix" />
<@s.a href="%{#url}">Back</...@s.a>