Skip to content
Browse files

fixed the xss issue in layoutTitle

  • Loading branch information...
1 parent d10659d commit c1d13410a0a8d88841b6afcae7a7bfa0ebf5bad7 @bobbywarner bobbywarner committed
View
2 ...gin-gsp/src/main/groovy/org/codehaus/groovy/grails/plugins/web/taglib/RenderTagLib.groovy
@@ -286,7 +286,7 @@ class RenderTagLib implements RequestConstants {
* @attr default the value to use if the title isn't specified in the GSP
*/
Closure layoutTitle = { attrs ->
- String title = page.title
+ String title = page.title.encodeAsHTML()
if (!title && attrs.'default') title = attrs.'default'
if (title) out << title
}

0 comments on commit c1d1341

Please sign in to comment.
Something went wrong with that request. Please try again.