Posted to commits@isis.apache.org by ah...@apache.org on 2022/06/15 15:43:56 UTC
[isis] branch master updated: ISIS-3077: fixes Wicket Viewer XSS vulnerability
This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push:
new 3d599511d2 ISIS-3077: fixes Wicket Viewer XSS vulnerability
3d599511d2 is described below
commit 3d599511d2424c87617689a674b39ce1d75bffe2
Author: Andi Huber <ah...@apache.org>
AuthorDate: Wed Jun 15 17:43:50 2022 +0200
ISIS-3077: fixes Wicket Viewer XSS vulnerability
- use a Wicket Label instead of a Markup (plain html) component when
rendering scalar value output
---
.../isis/viewer/wicket/ui/components/scalars/ScalarPanelAbstract2.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/components/scalars/ScalarPanelAbstract2.java b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/components/scalars/ScalarPanelAbstract2.java
index 0643f66943..e5426e7f0b 100644
--- a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/components/scalars/ScalarPanelAbstract2.java
+++ b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/components/scalars/ScalarPanelAbstract2.java
@@ -136,7 +136,7 @@ extends ScalarPanelAbstract {
}
return CompactFragment.LABEL
.createFragment(id, this, scalarValueId->
- Wkt.markup(scalarValueId, this::obtainOutputFormat));
+ Wkt.label(scalarValueId, this::obtainOutputFormat));
}
private boolean isUsingTextarea() {
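Review bot: At the changed line `Wkt.label(scalarValueId, this::obtainOutputFormat));` nothing records why `label` is required rather than `markup`, and the diffstat shows only this one file changed, so no test guards the fix. Add a short comment at the call site noting that the string from `obtainOutputFormat` can carry user-supplied text and must be rendered escaped, so a later refactor does not switch it back to `Wkt.markup`. Add a regression test that renders a scalar whose value contains markup such as `<b>x</b>` through `CompactFragment.LABEL` and asserts it comes out escaped. The fix also depends on `Wkt.label` leaving model-string escaping enabled on the Label it creates, which is not visible in this hunk and is worth confirming in the helper. If any value type relied on `obtainOutputFormat` returning HTML for compact display, it will now show as literal text, so that case should be checked as well.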