roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From snoopd...@apache.org
Subject svn commit: r539584 - /roller/trunk/web/WEB-INF/velocity/weblog.vm
Date Fri, 18 May 2007 20:08:19 GMT
Author: snoopdave
Date: Fri May 18 13:08:18 2007
New Revision: 539584

URL: http://svn.apache.org/viewvc?view=rev&rev=539584
Log:
Oops, we missed this comment field when we added XSS preventing escapeing

Modified:
    roller/trunk/web/WEB-INF/velocity/weblog.vm

Modified: roller/trunk/web/WEB-INF/velocity/weblog.vm
URL: http://svn.apache.org/viewvc/roller/trunk/web/WEB-INF/velocity/weblog.vm?view=diff&rev=539584&r1=539583&r2=539584
==============================================================================
--- roller/trunk/web/WEB-INF/velocity/weblog.vm (original)
+++ roller/trunk/web/WEB-INF/velocity/weblog.vm Fri May 18 13:08:18 2007
@@ -196,7 +196,7 @@
                 <p class="comment-details">
                 $text.get("macro.weblog.postedby")
                 #if (!$utils.isEmpty($comment.name) && !$utils.isEmpty($comment.url))
-                    <a rel="nofollow" href="$comment.url"><b>$utils.escapeHTML($comment.name)</b></a>
+                    <a rel="nofollow" href="$utils.escapeHTML($comment.url)"><b>$utils.escapeHTML($comment.name)</b></a>
                 #elseif (!$utils.isEmpty($comment.name))
                     <b>$utils.escapeHTML($comment.name)</b>
                 #elseif ($comment.remoteHost)



Mime
View raw message