Fix/mnt 21506 sanitation create people (#756)

* MNT-21506: sanitize username on nodeBrowser Repo
2025-07-24 17:32:48 +00:00 · 2021-10-26 09:58:11 +01:00
parent 577de6bf4c
commit a2d9afcecc
1 changed files with 5 additions and 5 deletions
--- a/remote-api/src/main/resources/alfresco/templates/webscripts/org/alfresco/repository/admin/support-tools/admin-nodebrowser.get.html.ftl
+++ b/remote-api/src/main/resources/alfresco/templates/webscripts/org/alfresco/repository/admin/support-tools/admin-nodebrowser.get.html.ftl
@@ -33,7 +33,7 @@
      <#elseif v?is_number>
         ${v?c}
      <#elseif v?is_string>
-         "${v?string}"
+         "${v?html}"
      <#elseif v?is_hash>
         <#if v?keys?size gt maxDepth >
            <#stop "Max depth of object achieved">
@@ -188,7 +188,7 @@ ${url.serviceContext}/api/node/${nodeRef?replace("://","/")}/content;${prop?url}
         </tr>
         <#list result.children as n>
         <tr>
-            <td><a href="#" onclick="AdminConsole_childClick('${n.childRef}');return false;">${n.QName}</a></td>
+            <td><a href="#" onclick="AdminConsole_childClick('${n.childRef}');return false;">${n.QName?html}</a></td>
            <td><a href="#" onclick="AdminConsole_childClick('${n.childRef}');return false;">${n.childRef}</a></td>
            <td>${n.primary?string}</td>
            <td>${n.typeQName}</td>
@@ -222,7 +222,7 @@ ${url.serviceContext}/api/node/${nodeRef?replace("://","/")}/content;${prop?url}
         </tr>
         <#list result.parents as p>
         <tr>
-            <td>${p.name.prefixedName}</td>
+            <td>${p.name.prefixedName?html}</td>
            <td>${p.parentTypeName.prefixedName}</td>
            <td><a href="#" onclick="AdminConsole_parentClick('${p.parentRef}');return false;">${p.parentRef}</a></td></td>
            <td>${p.primary?string}</td>
@@ -280,7 +280,7 @@ ${url.serviceContext}/api/node/${nodeRef?replace("://","/")}/content;${prop?url}
      <@section label=msg("nodebrowser.permissions") />
      <table id="perminfo-table" class="node">
         <tr><td>${msg("nodebrowser.inherits")}: ${result.permissions.inherit?string}</td></tr>
-         <tr><td>${msg("nodebrowser.owner")}: ${result.permissions.owner!""}</td></tr>
+         <tr><td>${msg("nodebrowser.owner")}: <#if result.permissions.owner??>${result.permissions.owner?html}</#if></td></tr>
      </table>
      <table id="permissions-table" class="node grid">
         <tr>
@@ -291,7 +291,7 @@ ${url.serviceContext}/api/node/${nodeRef?replace("://","/")}/content;${prop?url}
         <#list result.permissions.entries as p>
         <tr>
            <td>${p.permission}</td>
-            <td>${p.authority}</td>
+            <td>${p.authority?html}</td>
            <td>${p.accessStatus}</td>
         </tr>
         </#list>