Author: deepak
Date: Tue Jun 4 10:49:17 2019 New Revision: 1860597 URL: http://svn.apache.org/viewvc?rev=1860597&view=rev Log: Fixed: Html escaping missing for renderLink parameters (OFBIZ-11090) Parameter values should be escaped to avoid any kind of cross-site scripting issue. Modified: ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlFormMacroLibrary.ftl ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlMenuMacroLibrary.ftl ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlScreenMacroLibrary.ftl ofbiz/ofbiz-framework/trunk/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl Modified: ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlFormMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlFormMacroLibrary.ftl?rev=1860597&r1=1860596&r2=1860597&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlFormMacroLibrary.ftl (original) +++ ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlFormMacroLibrary.ftl Tue Jun 4 10:49:17 2019 
@@ -681,7 +681,7 @@ Parameter: delegatorName, String, option <#macro makeHiddenFormLinkForm actionUrl name parameters targetWindow=""> <form method="post" action="${actionUrl}" <#if targetWindow?has_content>target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${name}"> <#list parameters as parameter> - <input name="${parameter.name}" value="${parameter.value}" type="hidden"/> + <input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/> </#list> </form> </#macro> Modified: ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlMenuMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlMenuMacroLibrary.ftl?rev=1860597&r1=1860596&r2=1860597&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlMenuMacroLibrary.ftl (original) +++ ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlMenuMacroLibrary.ftl Tue Jun 4 10:49:17 2019 @@ -50,7 +50,7 @@ under the License. <#if linkType?has_content && "hidden-form" == linkType> <form method="post" action="${actionUrl}"<#if targetWindow?has_content> target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${uniqueItemName}"><#rt/> <#list parameterList as parameter> -<input name="${parameter.name}" value="${parameter.value}" type="hidden"/><#rt/> +<input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/><#rt/> </#list> </form><#rt/> </#if> 
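Review bot: `parameter.name` is still written into the `name` attribute without escaping in `makeHiddenFormLinkForm` (HtmlFormMacroLibrary.ftl, hunk at -681); only the value gets `?html`. If parameter names can carry request-derived text, which the hunk does not show, the attribute can still be broken out of, so the line should read `<input name="${parameter.name?html}" value="${parameter.value?html}" type="hidden"/>`. The same applies to the hidden-form hunks in common-theme HtmlMenuMacroLibrary.ftl (-50), HtmlScreenMacroLibrary.ftl (-95) and rainbowstone HtmlMenuMacroLibrary.ftl (-23). `actionUrl`, `targetWindow` and the form name are also interpolated raw in the context lines; whether they are encoded upstream is not visible here and is worth confirming.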
@@ -58,7 +58,7 @@ under the License. <#local params = "{"presentation":"layer" "> <#if parameterList?has_content> <#list parameterList as parameter> - <#local params += ","${parameter.name}": "${parameter.value}""> + <#local params += ","${parameter.name}": "${parameter.value?html}""> </#list> </#if> <#local params += "}"> Modified: ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlScreenMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlScreenMacroLibrary.ftl?rev=1860597&r1=1860596&r2=1860597&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlScreenMacroLibrary.ftl (original) +++ ofbiz/ofbiz-framework/trunk/themes/common-theme/template/macro/HtmlScreenMacroLibrary.ftl Tue Jun 4 10:49:17 2019 @@ -95,7 +95,7 @@ under the License. <#if "hidden-form" == linkType> <form method="post" action="${actionUrl}" <#if targetWindow?has_content>target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${uniqueItemName}"><#rt/> <#list parameterList as parameter> - <input name="${parameter.name}" value="${parameter.value}" type="hidden"/><#rt/> + <input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/><#rt/> </#list> </form><#rt/> </#if> 
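Review bot: `?html` is the wrong encoder for the value concatenated into the `params` object literal in common-theme HtmlMenuMacroLibrary.ftl (hunk at -58), because this is a JavaScript/JSON string context and HTML entity encoding leaves backslashes and line breaks untouched. Where `params` is finally emitted is outside the hunk; if it lands in an HTML attribute the browser decodes `&quot;` back to a quote before the script engine sees it, and if it lands in a script block the entities corrupt the data. Encode for the string context at this line, using `${parameter.name?js_string}` and `${parameter.value?js_string}` (the name is unescaped here as well), and HTML-escape the assembled `params` string at the point it is written into markup. The same applies to the hunks at -111 in HtmlScreenMacroLibrary.ftl and -31 in rainbowstone HtmlMenuMacroLibrary.ftl.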
@@ -111,7 +111,7 @@ under the License. <#local params = "{"presentation":"layer" "> <#if parameterList?has_content> <#list parameterList as parameter> - <#local params += ","${parameter.name}": "${parameter.value}""> + <#local params += ","${parameter.name}": "${parameter.value?html}""> </#list> </#if> <#local params += "}"> Modified: ofbiz/ofbiz-framework/trunk/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl?rev=1860597&r1=1860596&r2=1860597&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl (original) +++ ofbiz/ofbiz-framework/trunk/themes/rainbowstone/template/macro/HtmlMenuMacroLibrary.ftl Tue Jun 4 10:49:17 2019 @@ -23,7 +23,7 @@ under the License. <#if linkType?has_content && "hidden-form" == linkType> <form method="post" action="${actionUrl}"<#if targetWindow?has_content> target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${uniqueItemName}"><#rt/> <#list parameterList as parameter> - <input name="${parameter.name}" value="${parameter.value}" type="hidden"/><#rt/> + <input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/><#rt/> </#list> </form><#rt/> </#if> @@ -31,7 +31,7 @@ under the License. <#local params = "{"presentation":"layer" "> <#if parameterList?has_content> <#list parameterList as parameter> - <#local params += ","${parameter.name}": "${parameter.value}""> + <#local params += ","${parameter.name}": "${parameter.value?html}""> </#list> </#if> <#local params += "}"> |