Author: deepak
Date: Tue Jun 4 10:58:56 2019 New Revision: 1860600 URL: http://svn.apache.org/viewvc?rev=1860600&view=rev Log: Fixed: Html escaping missing for renderLink parameters (OFBIZ-11090) Parameters vlaue should be escaped to avoid any kind of corss site scripting issue. Modified: ofbiz/branches/release16.11/framework/widget/templates/HtmlFormMacroLibrary.ftl ofbiz/branches/release16.11/framework/widget/templates/HtmlMenuMacroLibrary.ftl ofbiz/branches/release16.11/framework/widget/templates/HtmlScreenMacroLibrary.ftl ofbiz/branches/release16.11/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl Modified: ofbiz/branches/release16.11/framework/widget/templates/HtmlFormMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/widget/templates/HtmlFormMacroLibrary.ftl?rev=1860600&r1=1860599&r2=1860600&view=diff ==============================================================================
--- ofbiz/branches/release16.11/framework/widget/templates/HtmlFormMacroLibrary.ftl (original)
+++ ofbiz/branches/release16.11/framework/widget/templates/HtmlFormMacroLibrary.ftl Tue Jun 4 10:58:56 2019
@@ -860,7 +860,7 @@ Parameter: delegatorName, String, option
 <#macro makeHiddenFormLinkForm actionUrl name parameters targetWindow>
 <form method="post" action="${actionUrl}" <#if targetWindow?has_content>target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${name}">
 <#list parameters as parameter>
- <input name="${parameter.name}" value="${parameter.value}" type="hidden"/>
+ <input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/>
 </#list>
 </form>
 </#macro>
Modified: ofbiz/branches/release16.11/framework/widget/templates/HtmlMenuMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/widget/templates/HtmlMenuMacroLibrary.ftl?rev=1860600&r1=1860599&r2=1860600&view=diff ==============================================================================
--- ofbiz/branches/release16.11/framework/widget/templates/HtmlMenuMacroLibrary.ftl (original)
+++ ofbiz/branches/release16.11/framework/widget/templates/HtmlMenuMacroLibrary.ftl Tue Jun 4 10:58:56 2019
@@ -50,7 +50,7 @@ under the License.
 <#if linkType?has_content && "hidden-form" == linkType>
 <form method="post" action="${actionUrl}"<#if targetWindow?has_content> target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${uniqueItemName}"><#rt/>
 <#list parameterList as parameter>
-<input name="${parameter.name}" value="${parameter.value}" type="hidden"/><#rt/>
+<input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/><#rt/>
 </#list>
 </form><#rt/>
 </#if>
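Review bot: The new `<input>` line in the makeHiddenFormLinkForm hunk still interpolates `${parameter.name}` raw into the `name="…"` attribute while only the value receives `?html`, so a parameter name containing `"` or `>` can still break out of the attribute; the HtmlMenuMacroLibrary @@ -50 hunk on this line, the HtmlScreenMacroLibrary @@ -95 hunk and the rainbowstone HtmlMenuMacroLibrary @@ -50 hunk have the same shape. Whether parameter names can be influenced by request data is not visible from the hunk, but escaping both halves costs nothing: `<input name="${parameter.name?html}" value="${parameter.value?html}" type="hidden"/>`. The unchanged context lines that emit `action="${actionUrl}"`, `target="${targetWindow}"` and `name="${name}"` / `name="${uniqueItemName}"` are likewise unescaped, which is outside this commit's change but worth a follow-up in the same files.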
@@ -63,7 +63,7 @@ under the License.
 function ${uniqueItemName}_data() {
 var data = {
 <#list parameterList as parameter>
- "${parameter.name}": "${parameter.value}",
+ "${parameter.name}": "${parameter.value?html}",
 </#list>
 "presentation": "layer"
 };
Modified: ofbiz/branches/release16.11/framework/widget/templates/HtmlScreenMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/widget/templates/HtmlScreenMacroLibrary.ftl?rev=1860600&r1=1860599&r2=1860600&view=diff ==============================================================================
--- ofbiz/branches/release16.11/framework/widget/templates/HtmlScreenMacroLibrary.ftl (original)
+++ ofbiz/branches/release16.11/framework/widget/templates/HtmlScreenMacroLibrary.ftl Tue Jun 4 10:58:56 2019
@@ -95,7 +95,7 @@ under the License.
 <#if "hidden-form" == linkType>
 <form method="post" action="${actionUrl}" <#if targetWindow?has_content>target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${uniqueItemName}"><#rt/>
 <#list parameterList as parameter>
- <input name="${parameter.name}" value="${parameter.value}" type="hidden"/><#rt/>
+ <input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/><#rt/>
 </#list>
 </form><#rt/>
 </#if>
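Review bot: In the `${uniqueItemName}_data()` hunk the value is emitted inside a JavaScript string literal (`"${parameter.name}": "${parameter.value?html}",`), not an HTML attribute, so `?html` is the wrong escaper for that position: it does not touch `\` or line breaks, so a value ending in a backslash still swallows the closing quote, and the entities it emits (`&quot;`, `&amp;`, …) are not decoded inside script text, so the data object no longer carries the original value. FreeMarker's `?js_string` builtin is the one written for string-literal context; the line should become `"${parameter.name?js_string}": "${parameter.value?js_string}",` — the key is also unescaped today. The same applies to the @@ -116 hunk in HtmlScreenMacroLibrary.ftl and the rainbowstone @@ -63 hunk on the next line. Whether this function is rendered inside a `<script>` element or an attribute-embedded handler is not visible here; if it is the latter, an HTML escape would still be needed on top of the JavaScript one. The enclosing `<#if>`/macro of this snippet starts before the hunk.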
@@ -116,7 +116,7 @@ under the License.
 function ${uniqueItemName}_data() {
 var data = {
 <#list parameterList as parameter>
- "${parameter.name}": "${parameter.value}",
+ "${parameter.name}": "${parameter.value?html}",
 </#list>
 "presentation": "layer"
 };
Modified: ofbiz/branches/release16.11/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl?rev=1860600&r1=1860599&r2=1860600&view=diff ==============================================================================
--- ofbiz/branches/release16.11/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl (original)
+++ ofbiz/branches/release16.11/themes/rainbowstone/template/HtmlMenuMacroLibrary.ftl Tue Jun 4 10:58:56 2019
@@ -50,7 +50,7 @@ under the License.
 <#if linkType?has_content && "hidden-form" == linkType>
 <form method="post" action="${actionUrl}"<#if targetWindow?has_content> target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${uniqueItemName}"><#rt/>
 <#list parameterList as parameter>
- <input name="${parameter.name}" value="${parameter.value}" type="hidden"/><#rt/>
+ <input name="${parameter.name}" value="${parameter.value?html}" type="hidden"/><#rt/>
 </#list>
 </form><#rt/>
 </#if>
@@ -63,7 +63,7 @@ under the License.
 function ${uniqueItemName}_data() {
 var data = {
 <#--list parameterList as parameter>
- "${parameter.name}": "${parameter.value}",
+ "${parameter.name}": "${parameter.value?html}",
 </#list-->
 "presentation": "layer"
 }; |
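Review bot: The rainbowstone `${uniqueItemName}_data()` hunk (@@ -63) changes a line that sits between `<#--list parameterList as parameter>` and `</#list-->`, which is a FreeMarker comment, so the added `?html` is never rendered and the theme's data object still only contains `"presentation": "layer"`. If that loop is intentionally disabled the dead lines should be removed rather than patched; if it is meant to be re-enabled it needs a JavaScript-string escaper on both key and value, as for the framework copies, not `?html`. Either way the commit message's claim of escaping for this theme is only true for the hidden-form `<input>` hunk above it.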