Skip to content
Permalink
Browse files Browse the repository at this point in the history
XWIKI-20294: Improve escaping in Applications Panel Configuration sheet
  • Loading branch information
vmassol committed Oct 27, 2022
1 parent 7b0f682 commit 6de5442
Showing 1 changed file with 7 additions and 6 deletions.
Expand Up @@ -84,14 +84,15 @@
<ul class="nav nav-pills applicationsPanel">
#foreach($app in $apps)
#set($params = $app.uix.getParameters())
#if("$!params.icon" != '' && "$!params.label" != '' && "$!params.target" != '' && $xwiki.hasAccessLevel('view', $xcontext.user, $params.target))
#if ($params.icon.startsWith('icon:'))
#set($icon = $services.icon.renderHTML($params.icon.substring(5)))
#set($normalizedIcon = $stringtool.substringBefore($!params.icon, ' '))
#if("$!normalizedIcon" != '' && "$!params.label" != '' && "$!params.target" != '' && $xwiki.hasAccessLevel('view', $xcontext.user, $params.target))
#if ($normalizedIcon.startsWith('icon:'))
#set($icon = $services.icon.renderHTML($normalizedIcon.substring(5)))
#else
#set($icon = $services.rendering.render($services.rendering.parse("image:${params.icon}", 'xwiki/2.1'), 'xhtml/1.0'))
#set($icon = $services.rendering.render($services.rendering.parse("image:${normalizedIcon}", 'xwiki/2.1'), 'xhtml/1.0'))
#end
<li class="draggableApp" id="$app.uix.id">
<a><span class="application-img">$icon </span> <span class="application-label">$params.label</a>
<li class="draggableApp" id="$escapetool.xml($app.uix.id)">
<a><span class="application-img">$icon </span> <span class="application-label">$escapetool.xml($params.label)</a>
</li>
#end
#end
Expand Down

0 comments on commit 6de5442

Please sign in to comment.