Merge pull request #58 from jmmacdo4/master

EMPT-74. Fix XSS vulnerability on the manage privilege page
openmrs · Apr 1, 2021 · 4f85654 · 4f85654
2 parents 702fbfd + 27d8a63
commit 4f85654
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/omod/src/main/webapp/pages/metadata/privileges/privilege.gsp b/omod/src/main/webapp/pages/metadata/privileges/privilege.gsp
@@ -71,8 +71,8 @@
             initialValue : ui.encodeHtmlContent(privilege.privilege)
         ])}
     <% } else{ %>
-        <b>${ui.message("general.name")}:</b> ${privilege.privilege}
-        <input type="hidden" name="privilegeName" value="${privilege.privilege}" />
+        <b>${ui.message("general.name")}:</b> ${ui.encodeHtmlContent(privilege.privilege)}
+        <input type="hidden" name="privilegeName" value="${ui.encodeHtmlAttribute(privilege.privilege)}" />
     <% } %>
     ${ui.includeFragment("uicommons", "field/textarea", [
             label        : ui.message("general.description"),
@@ -86,4 +86,4 @@
         <input type="submit" class="confirm" id="save-button" value="${ui.message("general.save")}"/>
     </div>
     </fieldset>
-</form>
+</form>