svn commit: r1432392 - /ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java

[jacopoc]

Author: jacopoc
Date: Sat Jan 12 07:49:20 2013
New Revision: 1432392

URL: http://svn.apache.org/viewvc?rev=1432392&view=rev
Log:
The content of the Screenlet title is now escaped to prevent the risk of an XSS 
attack.

Modified:
    
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java

Modified: 
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java?rev=1432392&r1=1432391&r2=1432392&view=diff
==============================================================================
--- 
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java 
(original)
+++ 
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java 
Sat Jan 12 07:49:20 2013
@@ -415,7 +415,12 @@ public abstract class ModelScreenWidget 
         }
 
         public String getTitle(Map<String, Object> context) {
-            return this.titleExdr.expandString(context);
+            String title = this.titleExdr.expandString(context);
+            StringUtil.SimpleEncoder simpleEncoder = 
(StringUtil.SimpleEncoder) context.get("simpleEncoder");
+            if (simpleEncoder != null) {
+                title = simpleEncoder.encode(title);
+            }
+            return title;
         }
 
         public Menu getNavigationMenu() {