Update of 
/var/cvs/contributions/CMSContainer_Portlets/portlets-ecard/src/webapp/WEB-INF/templates/view/includes
In directory 
james.mmbase.org:/tmp/cvs-serv15418/portlets-ecard/src/webapp/WEB-INF/templates/view/includes

Modified Files:
        confirm.jsp viewecard.jsp 
Log Message:
CMSC-1079 - Ecard did not check for HTML in user's output: fixed by adding 
escaper.


See also: 
http://cvs.mmbase.org/viewcvs/contributions/CMSContainer_Portlets/portlets-ecard/src/webapp/WEB-INF/templates/view/includes
See also: http://www.mmbase.org/jira/browse/CMSC-1079


Index: confirm.jsp
===================================================================
RCS file: 
/var/cvs/contributions/CMSContainer_Portlets/portlets-ecard/src/webapp/WEB-INF/templates/view/includes/confirm.jsp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- confirm.jsp 14 May 2007 06:45:54 -0000      1.2
+++ confirm.jsp 8 Oct 2008 11:59:49 -0000       1.3
@@ -1,6 +1,6 @@
 <c:out value="${confirmation}"/> <br>                  
 <mm:node number="${param.ecardId}" notfound="skip">
-       <fmt:message key="view.ecard.sentTo"/> <mm:field name="toemail"/> <br> 
-       <fmt:message key="view.ecard.sentText"/> <mm:field name="body"/>
+       <fmt:message key="view.ecard.sentTo"/> <mm:field name="toemail" 
escape="text/xml"/> <br> 
+       <fmt:message key="view.ecard.sentText"/> <mm:field name="body" 
escape="text/xml"/>
        <fmt:message key="view.ecard.sendagain"/> <a 
href="${funpage}"><fmt:message key="view.ecard.here"/></a>
 </mm:node>
\ No newline at end of file
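Review bot: The link at the bottom of this hunk still writes `href="${funpage}"` without any escaping, while the two `mm:field` values above it now go through `escape="text/xml"`. Where `funpage` is set is outside the hunk, so this may already be safe. If it can carry request-derived data, it needs attribute escaping as well, for example `href="<c:out value='${funpage}'/>"`, since `c:out` is already used on the first line of the file. Separately, the node is selected directly from `${param.ecardId}`, so it is worth confirming elsewhere that the requester is allowed to see that ecard's `toemail` and `body`.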


Index: viewecard.jsp
===================================================================
RCS file: 
/var/cvs/contributions/CMSContainer_Portlets/portlets-ecard/src/webapp/WEB-INF/templates/view/includes/viewecard.jsp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- viewecard.jsp       11 May 2007 06:37:42 -0000      1.1
+++ viewecard.jsp       8 Oct 2008 11:59:49 -0000       1.2
@@ -16,11 +16,11 @@
                <br>
                <fmt:message key="view.ecard.from"/>                    
                <br>
-               <fmt:message key="view.ecard.fromName"/>  <mm:field 
name="fromname"/> <br>
+               <fmt:message key="view.ecard.fromName"/>  <mm:field 
name="fromname" escape="text/xml"/> <br>
                <fmt:message key="view.ecard.fromEmail"/> <mm:field 
name="fromemail"/> <br>
-               <fmt:message key="view.ecard.toName"/> <mm:field 
name="toname"/> <br>
+               <fmt:message key="view.ecard.toName"/> <mm:field name="toname" 
escape="text/xml"/> <br>
                <fmt:message key="view.ecard.toEmail"/> <mm:field 
name="toemail"/> <br>
-               <fmt:message key="view.ecard.textBody"/> <mm:field 
name="body"/> <br>
+               <fmt:message key="view.ecard.textBody"/> <mm:field name="body" 
escape="text/xml"/> <br>
        </c:if>         
 </mm:node>
 <cmsc:renderURL var="viewfunpage">
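Review bot: `fromemail` and `toemail` are still rendered without an escaper in this hunk, although the same commit escapes `toemail` in confirm.jsp. Unless both addresses are strictly validated before storage (not visible here), they remain an HTML injection path on this page. The two context lines should become `<mm:field name="fromemail" escape="text/xml"/>` and `<mm:field name="toemail" escape="text/xml"/>`. The enclosing `<c:if>` and `<mm:node>` open above the hunk, so any other fields rendered earlier in the file should be checked for the same gap.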