Skip to content
This repository was archived by the owner on Jun 3, 2020. It is now read-only.

Commit f3792c7

Browse files
committed
1181152 - WebUI -> Admin -> Users XSS
1 parent d22c41b commit f3792c7

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

Diff for: java/code/webapp/WEB-INF/pages/admin/multiorg/sat_org_users.jsp

+3-1
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,9 @@
5555
sortable="false"
5656
headerkey="realname.displayname"
5757
attr="userLastName">
58-
<c:out value="<a href=\"mailto:${current.address}\">${current.userLastName}, ${current.userFirstName}</a>" escapeXml="true"/>
58+
<c:out value="<a href=\"mailto:${current.address}\">" escapeXml="false" />
59+
<c:out value="${current.userLastName}, ${current.userFirstName}" escapeXml="true" />
60+
<c:out value="</a>" escapeXml="false" />
5961
</rl:column>
6062
<rl:column bound="false"
6163
sortable="false"

0 commit comments

Comments
 (0)