LPS-100758 Escape journal article title to avoid potential XSS
pavel-savinov authored and brianchandotcom committed Sep 3, 2019
1 parent 013a21d commit 7e063ae
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -26,7 +26,7 @@ String wrapperCssClass = (String)request.getAttribute("liferay-journal:journal-a

<div class="journal-content-article <%= Validator.isNotNull(wrapperCssClass) ? wrapperCssClass : StringPool.BLANK %>" data-analytics-asset-id="<%= articleDisplay.getArticleId() %>" data-analytics-asset-title="<%= HtmlUtil.escapeAttribute(articleDisplay.getTitle()) %>" data-analytics-asset-type="web-content">
<c:if test="<%= showTitle %>">
<%= articleDisplay.getTitle() %>
<%= HtmlUtil.escape(articleDisplay.getTitle()) %>
</c:if>

<%= articleDisplay.getContent() %>
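
Review bot: On the opening div line of this hunk, wrapperCssClass and articleDisplay.getArticleId() are still written into the class and data-analytics-asset-id attributes without escaping, while the title on that same line goes through HtmlUtil.escapeAttribute. wrapperCssClass is read from a request attribute and nothing in these lines shows it being constrained, so I would wrap both values in HtmlUtil.escapeAttribute(...) as part of this change. HtmlUtil.escape on the title inside the c:if is the right encoder for element-body context, so that part looks correct. articleDisplay.getContent() on the last context line is still emitted raw; if that is intentional because the content is rendered markup, a short comment stating where it is sanitized would help the next reader.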