Fixed ETHREEOH-2888 "Incorrect system behavior on creating group with XSS in ASCII code and actions with it."

- Id is now decoded in the action links
- Added nodeName validator to webclient for groupids (and username) since that is what is used in share (means that "<" and ">" characters now are forbidden)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16958 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Erik Winlof
2009-10-15 11:57:59 +00:00
parent c350b0140a
commit edf3bf9d3f
3 changed files with 53 additions and 2 deletions

@@ -270,6 +270,10 @@ public final class Utils extends StringUtils
buf.append(name);
buf.append("'].value='");
String val = params.get(name);
if(val != null)
{
val = Utils.encode(val);
}
val = replace(val, "\\", "\\\\"); // encode escape character
val = replace(val, "'", "\\'"); // encode single quote as we wrap string with that
buf.append(val);
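
Review bot: In the added `if(val != null)` block, `Utils.encode(val)` runs before the backslash and single-quote escaping, and unlike those two lines it carries no comment saying which output context it protects. The value ends up inside a single-quoted JavaScript string (`'].value='`), so please confirm that whatever `Utils.encode` emits for `'` and `\` cannot come back as a raw quote or backslash if this script is written into an HTML attribute and decoded by the browser, and add a short comment stating the intended order of the encodings. The null guard also covers only the encode call: the two `replace(val, ...)` lines below still receive `val` when it is null, so either move them inside the guard or note that `replace` tolerates null. Finally, `name` is appended a few lines above without any encoding; if it can ever carry user-supplied data it needs the same treatment as `val`.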