Skip to content

Commit 5c20ff5

Browse files
committed
XWIKI-20612: Sanitize template URLs
1 parent d547210 commit 5c20ff5

File tree

1 file changed

+2
-1
lines changed
  • xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates

1 file changed

+2
-1
lines changed

Diff for: xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/deletespace.vm

+2-1
Original file line numberDiff line numberDiff line change
@@ -29,8 +29,9 @@
2929
#end
3030
#set ($cancelURL = $doc.getURL())
3131
#if ($request.xredirect)
32+
## We don't sanitize this as it will be handled by the server
3233
#set ($redirectparam = "&xredirect=$escapetool.url($request.xredirect)")
33-
#set ($cancelURL = $request.xredirect)
34+
#getSanitizedURLAttributeValue('a','href',$request.xredirect,$doc.getURL(),$cancelURL)
3435
#end
3536
#if ($xwiki.hasRecycleBin())
3637
#set ($confirmationMessage = $services.localization.render('core.space.recyclebin.confirm', ["<em>${escapetool.xml($doc.space)}</em>"]))

0 commit comments

Comments
 (0)