LPS-117983 Escape structure name to avoid XSS

liferay · Jul 30, 2020 · c172c23 · c172c23
1 parent 2aed6ae
commit c172c23
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/.../liferay/journal/web/internal/display/context/JournalManagementToolbarDisplayContext.java b/.../liferay/journal/web/internal/display/context/JournalManagementToolbarDisplayContext.java
@@ -44,6 +44,7 @@
 import com.liferay.portal.kernel.theme.ThemeDisplay;
 import com.liferay.portal.kernel.util.ArrayUtil;
 import com.liferay.portal.kernel.util.HashMapBuilder;
+import com.liferay.portal.kernel.util.HtmlUtil;
 import com.liferay.portal.kernel.util.ParamUtil;
 import com.liferay.portal.kernel.util.PortalUtil;
 import com.liferay.portal.kernel.util.WebKeys;
@@ -544,10 +545,11 @@ private CreationMenu _getCreationMenu() throws PortalException {
 							dropdownItem -> {
 								dropdownItem.setHref(portletURL);
 								dropdownItem.setLabel(
-									ddmStructure.getUnambiguousName(
-										ddmStructures,
-										_themeDisplay.getScopeGroupId(),
-										_themeDisplay.getLocale()));
+									HtmlUtil.escape(
+										ddmStructure.getUnambiguousName(
+											ddmStructures,
+											_themeDisplay.getScopeGroupId(),
+											_themeDisplay.getLocale())));
 							};
 
 						if (ArrayUtil.contains(

diff --git a/...s/apps/journal/journal-web/src/main/resources/META-INF/resources/select_ddm_structure.jsp b/...s/apps/journal/journal-web/src/main/resources/META-INF/resources/select_ddm_structure.jsp
@@ -53,7 +53,7 @@ SearchContainer<DDMStructure> ddmStructureSearch = journalSelectDDMStructureDisp
 						).put(
 							"ddmstructurekey", ddmStructure.getStructureKey()
 						).put(
-							"name", ddmStructure.getName(locale)
+							"name", HtmlUtil.escape(ddmStructure.getName(locale))
 						).build();
 						%>