Escaping of naviation text to prevent usage of script in nav elements.
aKandzior committed Jul 22, 2021
1 parent 922d322 commit 800945f
Showing 3 changed files with 6 additions and 5 deletions.
Expand Up @@ -42,8 +42,8 @@
<c:if test="${
((breadcrumbsIncludeHidden or (status.last and not cms.detailRequest)) and (navElem.navPosition > 0))
or (navElem.info ne 'ignoreInDefaultNav')}">
<c:set var="navText" value="${(empty navElem.navText or fn:startsWith(navElem.navText, '???'))
? navElem.title : navElem.navText}" />
<c:set var="navText"><c:out value="${(empty navElem.navText or fn:startsWith(navElem.navText, '???'))
? navElem.title : navElem.navText}" /></c:set>
<c:if test="${!empty navText}">
<c:set var="navLink"><cms:link>${navElem.resourceName}</cms:link></c:set>
<c:if test="${breadcrumbsFullPath or (navLink ne lastNavLink)}">
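Review bot: navText holds HTML-escaped text from this `<c:set>` onward, but nothing at the assignment says so, and the places that print it lie outside the hunk. A later sink that passes it through `<c:out>` or `fn:escapeXml` again would show `&amp;amp;` to visitors, and one that places it in a script block or a URL needs a different encoding than HTML escaping provides. I would add `<%-- navText is HTML-escaped here: emit it as ${navText} in element or quoted-attribute context only --%>` above the assignment, and the same above the identical assignments in the @@ -188 and @@ -67 hunks. Keeping the variable raw and escaping at each output point would be the sturdier form if the sinks are few.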
Expand Up @@ -188,8 +188,9 @@

<c:out value='<li${menuType}${megaMenu}>${empty menuType ? "" : nl}' escapeXml="false" />

<c:set var="navText" value="${(empty navElem.navText or fn:startsWith(navElem.navText, '???'))
? navElem.title : navElem.navText}" />
<c:set var="navText"><c:out value="${(empty navElem.navText or fn:startsWith(navElem.navText, '???'))
? navElem.title : navElem.navText}" /></c:set>


<c:choose>
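Review bot: The `<li${menuType}${megaMenu}>` line just above the changed assignment is still written with `escapeXml="false"`, so the escaping added for navText does not extend to it. That is safe only while menuType and megaMenu are assembled purely from template literals, which cannot be confirmed from this hunk because both are set outside it. Once that is verified, a short comment on that line such as `<%-- menuType/megaMenu are template-built attribute strings, never content-editor input --%>` would record the assumption for the next editor.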

Expand Up @@ -67,7 +67,7 @@
</c:otherwise>
</c:choose>

<c:set var="navText" value="${(empty navElem.navText or fn:startsWith(navElem.navText, '???')) ? navElem.title : navElem.navText}" />
<c:set var="navText"><c:out value="${(empty navElem.navText or fn:startsWith(navElem.navText, '???')) ? navElem.title : navElem.navText}" /></c:set>

<c:set var="menuType" value="${startSubMenu ? menuType.concat(' aria-expanded=\"false\"') : menuType}" />
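Review bot: This is the third verbatim copy of the navText fallback-and-escape expression in the commit (the others are in the @@ -42 and @@ -188 hunks), and a fix of this kind is easy to miss in a fourth copy. Moving the expression into one shared tag file or include that each template calls would keep the fallback to `navElem.title` and the escaping in a single place. Whether other templates in the project still build navText without `<c:out>` is not visible on this page, so a search for `navElem.navText` is worth doing before the fix is considered complete.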
