myfaces-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lu4...@apache.org
Subject svn commit: r1393894 - in /myfaces/shared/trunk_2.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html: HtmlCheckboxRendererBase.java HtmlRadioRendererBase.java
Date Thu, 04 Oct 2012 02:56:10 GMT
Author: lu4242
Date: Thu Oct  4 02:56:10 2012
New Revision: 1393894

URL: http://svn.apache.org/viewvc?rev=1393894&view=rev
Log:
TOMAHAWK-1637 Potential XSS security issue in FieldsetRenderer 

Modified:
    myfaces/shared/trunk_2.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlCheckboxRendererBase.java
    myfaces/shared/trunk_2.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRadioRendererBase.java

Modified: myfaces/shared/trunk_2.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlCheckboxRendererBase.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk_2.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlCheckboxRendererBase.java?rev=1393894&r1=1393893&r2=1393894&view=diff
==============================================================================
--- myfaces/shared/trunk_2.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlCheckboxRendererBase.java
(original)
+++ myfaces/shared/trunk_2.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlCheckboxRendererBase.java
Thu Oct  4 02:56:10 2012
@@ -162,7 +162,7 @@ public class HtmlCheckboxRendererBase ex
                 writer.startElement(HTML.TR_ELEM, selectMany);
             
             writer.startElement(HTML.TD_ELEM, selectMany);
-            writer.write(selectItem.getLabel());
+            writer.writeText(selectItem.getLabel(),HTML.LABEL_ATTR);
             writer.endElement(HTML.TD_ELEM);
             
             if (pageDirectionLayout) {

Modified: myfaces/shared/trunk_2.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRadioRendererBase.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk_2.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRadioRendererBase.java?rev=1393894&r1=1393893&r2=1393894&view=diff
==============================================================================
--- myfaces/shared/trunk_2.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRadioRendererBase.java
(original)
+++ myfaces/shared/trunk_2.0.x/core/src/main/java/org/apache/myfaces/shared/renderkit/html/HtmlRadioRendererBase.java
Thu Oct  4 02:56:10 2012
@@ -150,7 +150,7 @@ public class HtmlRadioRendererBase
                 writer.startElement(HTML.TR_ELEM, selectOne);
 
             writer.startElement(HTML.TD_ELEM, selectOne);
-            writer.write(selectItem.getLabel());
+            writer.writeText(selectItem.getLabel(),HTML.LABEL_ATTR);
             writer.endElement(HTML.TD_ELEM);
 
             if (pageDirectionLayout) {



Mime
View raw message