Item2280: filter input data from tag_text

git-svn-id: http://svn.foswiki.org/trunk/TagsPlugin@5361 0b4bb1d4-4e5a-0410-9cc4-b2b747904278

data/System/TagsPluginTagDetailsSimple.txt

@@ -1,10 +1,10 @@
 %META:TOPICINFO{author="BaseUserMapping_333" date="1253875512" format="1.1" version="1.9"}%
 %META:TOPICPARENT{name="TagsPlugin"}%
 <!--
-      * Set TAGNAME = %URLPARAM{"tag" default="undef"}%
-      * Set TAGUSER = %URLPARAM{"taguser" default="undef"}%
-      * Set TAGWEB = %URLPARAM{"tagweb" default="undef"}%
-      * Set TAGTOPIC = %URLPARAM{"tagtopic" default="undef"}%
+      * Set TAGNAME = %URLPARAM{"tag" default="undef" encode="safe"}%
+      * Set TAGUSER = %URLPARAM{"taguser" default="undef" encode="safe"}%
+      * Set TAGWEB = %URLPARAM{"tagweb" default="undef" encode="safe"}%
+      * Set TAGTOPIC = %URLPARAM{"tagtopic" default="undef" encode="safe"}%
 -->
 
 <div style="text-align:left;">
@@ -39,4 +39,4 @@
 }%
 
 </noautolink>
-</div>
+</div>

lib/Foswiki/Plugins/TagsPlugin/Tag.pm

@@ -58,6 +58,13 @@ sub rest {
     $redirectto = Unicode::MapUTF8::from_utf8( { -string => $redirectto, -charset => $charset } );
     $user       = Unicode::MapUTF8::from_utf8( { -string => $user,       -charset => $charset } );
 
+    # sanatize the tag_text
+    $tag_text =~ s/&/&/g;
+    $tag_text =~ s/</&lt;/g;
+    $tag_text =~ s/>/&gt;/g;
+    $tag_text =~ s/'/&#039;/g;
+    $tag_text =~ s/"/&quot;/g;
+
     #
     # checking prerequisites
     #

pub/System/TagsPlugin/tagsplugin-base.js

@@ -83,6 +83,7 @@
                 var web   = foswiki.web;
                 var topic = foswiki.topic;
                 var tag   = $(event.target).closest("a[tag]").attr("tag");
+                alert(tag);
                 var user  = $(event.target).closest("a[tag]").attr("user");
                 $("#tagsplugin_processing img").show();
                 if ( $("#tagsplugin_dialog_details").size() == 0 ) {