From 83824f6d533871f67f2e2461f190722eed9ba89f Mon Sep 17 00:00:00 2001
From: Erik Winlof <erik.winlof@alfresco.com>
Date: Fri, 9 Dec 2011 12:11:39 +0000
Subject: [PATCH] Fixed ALF-11922 "XSS attack occurs on start workflow with XSS
 properties."

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@32667 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../ui/repo/component/property/BaseAssociationEditor.java   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source/java/org/alfresco/web/ui/repo/component/property/BaseAssociationEditor.java b/source/java/org/alfresco/web/ui/repo/component/property/BaseAssociationEditor.java
index 89c327beae..b99af533bc 100644
--- a/source/java/org/alfresco/web/ui/repo/component/property/BaseAssociationEditor.java
+++ b/source/java/org/alfresco/web/ui/repo/component/property/BaseAssociationEditor.java
@@ -812,9 +812,9 @@ public abstract class BaseAssociationEditor extends UIInput
       out.write("'");
       if (this.searchTerm != null)
       {
-         out.write(" value='");
-         out.write(this.searchTerm);
-         out.write("'");
+         out.write(" value=\"");
+         out.write(Utils.encode(this.searchTerm));
+         out.write("\"");
       }
       out.write("/>&nbsp;&nbsp;<input type='submit' value='");
       out.write(Application.getMessage(context, MSG_SEARCH));