LPS-125157 Escape to prevent possible XSS in the add menu items
pavel-savinov authored and brianchandotcom committed Dec 30, 2020
1 parent 672410d commit 162c069
Showing 1 changed file with 3 additions and 2 deletions.
Expand Up @@ -32,6 +32,7 @@
import com.liferay.portal.kernel.portlet.LiferayPortletResponse;
import com.liferay.portal.kernel.service.ClassNameLocalServiceUtil;
import com.liferay.portal.kernel.theme.ThemeDisplay;
import com.liferay.portal.kernel.util.HtmlUtil;
import com.liferay.portal.kernel.util.WebKeys;

import java.util.List;
Expand Down Expand Up @@ -304,7 +305,7 @@ private String _getCollectionLayoutLabel(boolean privateLayout) {
if (layout != null) {
return LanguageUtil.format(
httpServletRequest, "add-child-collection-page-of-x",
layout.getName(_themeDisplay.getLocale()));
HtmlUtil.escape(layout.getName(_themeDisplay.getLocale())));
}

if (_isSiteTemplate()) {
Expand All @@ -326,7 +327,7 @@ private String _getLabel(boolean privateLayout) {
if (layout != null) {
return LanguageUtil.format(
httpServletRequest, "add-child-page-of-x",
layout.getName(_themeDisplay.getLocale()));
HtmlUtil.escape(layout.getName(_themeDisplay.getLocale())));
}

if (_isSiteTemplate()) {
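Review bot: The escaping added at the `LanguageUtil.format` calls in `_getCollectionLayoutLabel` and `_getLabel` is fixed to the HTML-text context and is undocumented, while the code that renders these labels is not visible here. A one-line comment above each call would record the contract, for example `// Layout names are user-editable; the returned label is already HTML-escaped, so renderers must not escape it again`. It is worth confirming that every consumer places the label in HTML text content: a sink that writes it into an attribute or a script block would need `HtmlUtil.escapeAttribute` or `HtmlUtil.escapeJS` instead, and a consumer that auto-escapes would display a name containing `&` as `&amp;`. Both method bodies continue past the hunks, so the `_isSiteTemplate()` branches and any names they format could not be checked from this page.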
