This is an automated email from the ASF dual-hosted git repository.

dklco pushed a commit to branch master
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-app-cms.git


The following commit(s) were added to refs/heads/master by this push:
     new 87d32a24 Fixing escaping
87d32a24 is described below

commit 87d32a24d1f2faa0e281defd183fcd5d1b383b59
Author: Dan Klco <[email protected]>
AuthorDate: Wed Dec 7 09:22:04 2022 -0500

    Fixing escaping
---
 ui/src/main/frontend/js/cms.js                                        | 4 +++-
 .../libs/sling-cms/components/cms/startcontent/startcontent.jsp       | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ui/src/main/frontend/js/cms.js b/ui/src/main/frontend/js/cms.js
index 43327cee..28ce9cd2 100644
--- a/ui/src/main/frontend/js/cms.js
+++ b/ui/src/main/frontend/js/cms.js
@@ -52,7 +52,9 @@ window.Sling.CMS = {
   ui: {
     confirmMessage(title, message, complete) {
       const modal = document.createElement('div');
-      modal.innerHTML = `<div class="modal-background"></div><div 
class="is-draggable modal-content"><div class="box"><h3 
class="modal-title">${title}</h3><p>${message}</p><br/><button type="button" 
class="close-modal button is-primary">OK</button></div></div><button 
class="modal-close is-large" aria-label="close"></button>`;
+      modal.innerHTML = `<div class="modal-background"></div><div 
class="is-draggable modal-content"><div class="box"><h3 
class="modal-title"></h3><p class="modal-message"></p><br/><button 
type="button" class="close-modal button 
is-primary">OK</button></div></div><button class="modal-close is-large" 
aria-label="close"></button>`;
+      modal.querySelector('.modal-title').textContent = title;
+      modal.querySelector('.modal-message').textContent = message;
       document.body.appendChild(modal);
       modal.classList.add('modal');
       modal.classList.add('is-active');
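Review bot: `confirmMessage` now sets `title` and `message` through `textContent`, but nothing on the function says its arguments are plain text, so a later edit could fold them back into the template string. I would add `// title and message may carry untrusted data: set via textContent, never interpolate into innerHTML` above the two `querySelector` lines. Any caller that relied on markup inside `message` (a `<br>` or a link, for example) will now show the tags literally. The callers are not visible in this hunk, so a search for `confirmMessage(` usages is worth doing before release. The body of `confirmMessage` continues past the end of the hunk.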
diff --git 
a/ui/src/main/resources/jcr_root/libs/sling-cms/components/cms/startcontent/startcontent.jsp
 
b/ui/src/main/resources/jcr_root/libs/sling-cms/components/cms/startcontent/startcontent.jsp
index d2943b5b..97343c21 100644
--- 
a/ui/src/main/resources/jcr_root/libs/sling-cms/components/cms/startcontent/startcontent.jsp
+++ 
b/ui/src/main/resources/jcr_root/libs/sling-cms/components/cms/startcontent/startcontent.jsp
@@ -43,7 +43,7 @@
                             <sling:encode 
value="${item.valueMap['jcr:content/jcr:title']}" default="${item.name}" 
mode="HTML" />
                         </c:when>
                         <c:otherwise>
-                            ${item.name}
+                            <sling:encode value="${item.name}" mode="HTML" />
                         </c:otherwise>
                     </c:choose>&nbsp;&mdash;&nbsp;
                     <small><fmt:formatDate 
value="${item.valueMap['jcr:content/jcr:lastModified'].time}" type="both" 
dateStyle="short" timeStyle="short" /></small>
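Review bot: The `<c:otherwise>` branch is now encoded, but the fix touches one expression only, and a bare `${...}` in JSP template text is written out unescaped. Any other raw EL output of repository values in this component would have the same problem, and the rest of startcontent.jsp is outside the hunk and should be checked. `mode="HTML"` suits this spot because the name lands in element text; if `item.name` or the item path is also written into an attribute such as an `href` nearby, that output needs `mode="HTML_ATTR"` instead. A short comment such as `<%-- item.name presumably comes from the node name; always emit it through sling:encode --%>` would record why the tag is there. The enclosing `<c:choose>` opens before the hunk.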
