LPS-27281 - Escape ckEditorConfigFileName param in ckeditor.jsp
ipeychev authored and brianchandotcom committed May 14, 2012
1 parent e3de21d commit acf5100
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions portal-web/docroot/html/js/editor/ckeditor.jsp
@@ -29,7 +29,7 @@ if (Validator.isNull(doAsUserId)) {
long doAsGroupId = themeDisplay.getDoAsGroupId();
String ckEditorConfigFileName = ParamUtil.getString(request, "ckEditorConfigFileName", "ckconfig.jsp");
String ckEditorConfigFileName = HtmlUtil.escapeJS(ParamUtil.getString(request, "ckEditorConfigFileName", "ckconfig.jsp"));
boolean useCustomDataProcessor = false;
@@ -142,7 +142,7 @@ String toolbarSet = (String)request.getAttribute("liferay-ui:input-editor:toolba
(function() {
function setData() {
<c:if test="<%= Validator.isNotNull(initMethod) %>">
ckEditor.setData(<%= HtmlUtil.escape(namespace + initMethod) %>());
ckEditor.setData(<%= HtmlUtil.escapeJS(namespace + initMethod) %>());
</c:if>
}

@@ -169,7 +169,7 @@ String toolbarSet = (String)request.getAttribute("liferay-ui:input-editor:toolba
customConfig: '<%= PortalUtil.getPathContext() %>/html/js/editor/ckeditor/<%= ckEditorConfigFileName %>?p_l_id=<%= plid %>&p_p_id=<%= HttpUtil.encodeURL(portletId) %>&p_main_path=<%= HttpUtil.encodeURL(mainPath) %>&doAsUserId=<%= HttpUtil.encodeURL(doAsUserId) %>&doAsGroupId=<%= HttpUtil.encodeURL(String.valueOf(doAsGroupId)) %>&cssPath=<%= HttpUtil.encodeURL(themeDisplay.getPathThemeCss()) %>&cssClasses=<%= HttpUtil.encodeURL(cssClasses) %>&imagesPath=<%= HttpUtil.encodeURL(themeDisplay.getPathThemeImages()) %>&languageId=<%= HttpUtil.encodeURL(LocaleUtil.toLanguageId(locale)) %><%= configParams %>',
filebrowserBrowseUrl: '<%= PortalUtil.getPathContext() %>/html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html?Connector=<%= connectorURL %><%= fileBrowserParams %>',
filebrowserUploadUrl: null,
toolbar: '<%= TextFormatter.format(HtmlUtil.escape(toolbarSet), TextFormatter.M) %>'
toolbar: '<%= TextFormatter.format(HtmlUtil.escapeJS(toolbarSet), TextFormatter.M) %>'
}
);
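Review bot: Escaping `ckEditorConfigFileName` with `escapeJS` at assignment only keeps the value from breaking out of the quoted `customConfig` string; the request parameter still chooses the path segment after `/html/js/editor/ckeditor/`, so a value containing `/`, `..` or `?` could make the editor load a different same-origin resource as its config script. Validating the raw parameter against the expected file names before it is escaped would close that, for example `if (!ckEditorConfigFileName.matches("[A-Za-z0-9_]+\\.jsp")) ckEditorConfigFileName = "ckconfig.jsp";` (the set of legitimate config files is not visible here, so the pattern is a guess). In the `toolbar:` line the escape runs before `TextFormatter.format`, so the formatter works on already-escaped text; `HtmlUtil.escapeJS(TextFormatter.format(toolbarSet, TextFormatter.M))` keeps escaping as the last step before output. In `setData()` the escaped `namespace + initMethod` is emitted as a bare identifier rather than inside quotes, which string escaping is not designed for, so an identifier check on `initMethod` is worth adding if it can come from the request.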

