Update of /var/cvs/html/mmbase/admin
In directory james.mmbase.org:/tmp/cvs-serv31303
Modified Files:
index.jsp
Log Message:
values directly acquired by EL, are, sadly, not automaticly correctly escaped
See also: http://cvs.mmbase.org/viewcvs/html/mmbase/admin
Index: index.jsp
===================================================================
RCS file: /var/cvs/html/mmbase/admin/index.jsp,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -b -r1.29 -r1.30
--- index.jsp 21 Mar 2008 17:23:45 -0000 1.29
+++ index.jsp 23 Apr 2008 08:09:43 -0000 1.30
@@ -74,7 +74,7 @@
<mm:frameworkparam
name="component">${b.component.name}</mm:frameworkparam>
<mm:frameworkparam
name="block">${b.name}</mm:frameworkparam>
<li class="${b.name eq block and
subcat.component.name eq component ? 'current' : ''}">
- <a title="${mm:string(b.description)}"
href="${_}">${mm:string(b.title)}
+ <a title="${mm:string(b.description)}"
href="${_}">${mm:escape('text/xml', mm:string(b.title))}
<span
class="component">(${b.component.name})</span>
</a>
</li>
@@ -90,7 +90,7 @@
</div>
<div id="content">
<c:catch var="exception">
- <h2 class="top">${mm:string(blockObject.title)}</h2>
+ <h2 class="top">${mm:string('text/xml',
mm:string(blockObject.title))}</h2>
<mm:component debug="xml" name="$component" block="${block}">
<mm:frameworkparam
name="category">${category}</mm:frameworkparam>
</mm:component>
_______________________________________________
Cvs mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/cvs
