Update of 
/var/cvs/contributions/CMSContainer/cmsc/taglib/src/java/com/finalist/cmsc/taglib/form
In directory 
james.mmbase.org:/tmp/cvs-serv2755/cmsc/taglib/src/java/com/finalist/cmsc/taglib/form

Modified Files:
        SelectTag.java 
Log Message:
CMSC-782 Added the escapeXML method, preventing quotes from disappearing or 
breaking code.


See also: 
http://cvs.mmbase.org/viewcvs/contributions/CMSContainer/cmsc/taglib/src/java/com/finalist/cmsc/taglib/form
See also: http://www.mmbase.org/jira/browse/CMSC-782


Index: SelectTag.java
===================================================================
RCS file: 
/var/cvs/contributions/CMSContainer/cmsc/taglib/src/java/com/finalist/cmsc/taglib/form/SelectTag.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -b -r1.4 -r1.5
--- SelectTag.java      3 Mar 2008 13:02:04 -0000       1.4
+++ SelectTag.java      3 Mar 2008 15:56:01 -0000       1.5
@@ -19,6 +19,8 @@
 
 import net.sf.mmapps.commons.util.StringUtil;
 
+import org.apache.commons.lang.StringEscapeUtils;
+
 public class SelectTag extends SimpleTagSupport {
 
    public String var;
@@ -51,10 +53,10 @@
       
       String myOnChange = "";
       if (!StringUtil.isEmpty(onchange)){
-       myOnChange = " " + "onchange=\"" + onchange + "\"";  
+         myOnChange = " " + "onchange=\"" + StringEscapeUtils.escapeXml(onchange) + "\"";  
       } 
       
-      ctx.getOut().print("<select name=\"" + var + "\"" + myOnChange + ">");
+      ctx.getOut().print("<select name=\"" + StringEscapeUtils.escapeXml(var) + "\"" + myOnChange + ">");
       JspFragment frag = getJspBody();
       if (frag != null) {
          frag.invoke(null);
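Review bot: Entity-encoding `onchange` stops a quote from breaking out of the attribute, but the browser decodes the value and runs it as script, so the added `StringEscapeUtils.escapeXml(onchange)` is not sufficient if that attribute can ever carry request-derived data. I would state the contract on the assignment, e.g. `// onchange is emitted as an event handler: escapeXml only prevents attribute break-out, the value must be page-author supplied`. Separately, escapeXml also rewrites `'` to `&apos;`, which is not an HTML 4 entity, so a handler containing single-quoted strings may not be decoded by older browsers; this is worth confirming against the doctype and browsers the taglib targets. The enclosing method begins and ends outside the hunk, so where `var` and `onchange` are populated is not visible here.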