LPS-100758 Escape journal article title to avoid potential XSS
jkappler authored and brianchandotcom committed Sep 25, 2019
1 parent 86e3f40 commit 4a6d2eb
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -23,7 +23,7 @@ boolean showTitle = GetterUtil.getBoolean((String)request.getAttribute("liferay-

<div class="clearfix journal-content-article" data-analytics-asset-id="<%= articleDisplay.getArticleId() %>" data-analytics-asset-title="<%= HtmlUtil.escapeAttribute(articleDisplay.getTitle()) %>" data-analytics-asset-type="web-content">
<c:if test="<%= showTitle %>">
<%= articleDisplay.getTitle() %>
<%= HtmlUtil.escape(articleDisplay.getTitle()) %>
</c:if>

<%= articleDisplay.getContent() %>
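Review bot: The opening div in the context above the change still writes articleDisplay.getArticleId() into data-analytics-asset-id without HtmlUtil.escapeAttribute, while the data-analytics-asset-title attribute next to it is escaped. If article IDs can be chosen by the user who creates the article, wrap that expression in HtmlUtil.escapeAttribute as well so both attributes are handled the same way. The title fix inside the c:if block looks right: HtmlUtil.escape is the correct call for element body context, as opposed to escapeAttribute. The trailing articleDisplay.getContent() line is still emitted raw; if that is intentional because the content is already rendered markup, a short JSP comment saying so would keep a later reader from assuming it was missed. A regression test that renders an article whose title contains markup characters with showTitle enabled would also be worth adding alongside this change.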
