XWIKI-20456: Improved escaping of XWiki.ClassSheet
manuelleduc committed Jan 3, 2023
1 parent 441d16c commit d7e5618
Showing 4 changed files with 621 additions and 59 deletions.
@@ -40,12 +40,14 @@
#set ($escapedValue = $escapetool.xml($value))
#if ($titleField.label)
<dt>
<label for="$!{options.id}Title">$services.localization.render($titleField.label)</label>
<span class="xHint">$!services.localization.render($titleField.hint)</span>
<label for="$escapetool.xml($!{options.id})Title">##
$escapetool.xml($services.localization.render($titleField.label))##
</label>
<span class="xHint">$!escapetool.xml($services.localization.render($titleField.hint))</span>
</dt>
<dd>
<input type="text" id="$!{options.id}Title" name="$titleField.name" value="$!escapedValue"
class="location-title-field" placeholder="$!services.localization.render($titleField.placeholder)" />
<input type="text" id="$escapetool.xml($!{options.id})Title" name="$escapetool.xml($titleField.name)" value="$!escapedValue"
class="location-title-field" placeholder="$escapetool.xml($!services.localization.render($titleField.placeholder))" />
</dd>
#elseif ($titleField)
<dt class="hidden"></dt>
@@ -60,8 +62,8 @@
## ---------------------------------------------------------------------------------------------------------
##
<dt>
<label>$services.localization.render($options.preview.label)</label>
<span class="xHint">$services.localization.render($options.preview.hint)</span>
<label>$escapetool.xml($services.localization.render($options.preview.label))</label>
<span class="xHint">$escapetool.xml($services.localization.render($options.preview.hint))</span>
</dt>
<dd>
#if ($isDocumentTreeAvailable)
@@ -113,8 +115,10 @@
#set ($escapedValue = $escapetool.xml($value))
#if ($wikiField.label && $displayWikiFields)
<dt>
<label for="$!{options.id}Wiki">$services.localization.render($wikiField.label)</label>
<span class="xHint">$!services.localization.render($wikiField.hint)</span>
<label for="$escapetool.xml($!{options.id})Wiki">##
$escapetool.xml($services.localization.render($wikiField.label))##
</label>
<span class="xHint">$!escapetool.xml($services.localization.render($wikiField.hint))</span>
</dt>
<dd>
<select id="$!{options.id}Wiki" name="$wikiField.name" class="location-wiki-field">
@@ -156,13 +160,15 @@
#end
#set ($escapedValue = $escapetool.xml($value))
<dt>
<label for="$!{options.id}ParentReference">$services.localization.render($parentField.label)</label>
<span class="xHint">$!services.localization.render($parentField.hint)</span>
<label for="$escapetool.xml($!{options.id})ParentReference">##
$escapetool.xml($services.localization.render($parentField.label))##
</label>
<span class="xHint">$!escapetool.xml($services.localization.render($parentField.hint))</span>
</dt>
<dd>
<input type="text" id="$!{options.id}ParentReference" class="location-parent-field suggestSpaces"
name="$parentField.name" value="$!escapedValue"
placeholder="$!services.localization.render($parentField.placeholder)" />
<input type="text" id="$escapetool.xml($!{options.id})ParentReference" class="location-parent-field suggestSpaces"
name="$escapetool.xml($parentField.name)" value="$!escapedValue"
placeholder="$!escapetool.xml($services.localization.render($parentField.placeholder))" />
</dd>
##
## ---------------------------------------------------------------------------------------------------------
@@ -177,13 +183,15 @@
#set ($escapedValue = $escapetool.xml($value))
#if ($nameField.label)
<dt>
<label for="$!{options.id}Name">$services.localization.render($nameField.label)</label>
<span class="xHint">$!services.localization.render($nameField.hint)</span>
<label for="$escapetool.xml($!{options.id})Name">##
$escapetool.xml($services.localization.render($nameField.label))##
</label>
<span class="xHint">$escapetool.xml($services.localization.render($nameField.hint))</span>
</dt>
<dd>
<input type="text" id="$!{options.id}Name" name="$nameField.name" class="location-name-field"
<input type="text" id="$escapetool.xml($!{options.id})Name" name="$escapetool.xml($nameField.name)" class="location-name-field"
value="$!escapedValue"
placeholder="$!services.localization.render($nameField.placeholder)" />
placeholder="$escapetool.xml($!services.localization.render($nameField.placeholder))" />
</dd>
#elseif ($nameField)
<dt class="hidden"></dt>
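Review bot: The `<select id="$!{options.id}Wiki" name="$wikiField.name" class="location-wiki-field">` line in the `@@ -113,8 +115,10 @@` hunk is untouched context, so the wiki field's `id` and `name` are still written unescaped while the matching `<label for>` just above it and every `<input>` in the other hunks now go through `$escapetool.xml`; it should read `<select id="$!escapetool.xml($options.id)Wiki" name="$!escapetool.xml($wikiField.name)" class="location-wiki-field">`. The quiet marker is also placed inconsistently: the title and name placeholders use `$escapetool.xml($!services.localization.render(...))` and the name hint drops `$!` entirely, whereas the other hints and the parent placeholder use `$!escapetool.xml(...)`. Velocity applies `$!` to the reference being printed, so with the marker inside the call (or missing) a null result would presumably be emitted as the literal reference text instead of an empty string; `$!escapetool.xml($services.localization.render($nameField.placeholder))` keeps the old behaviour. The `<select>` element's body continues outside the hunk.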
@@ -85,5 +85,45 @@
<version>${project.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-rendering-xwiki</artifactId>
<version>${project.version}</version>
<scope>runtime</scope>
</dependency>
<!-- Test dependencies. -->
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-test-page</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-web-templates</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-livedata-macro</artifactId>
<version>${project.version}</version>
<scope>test</scope>
<type>test-jar</type>
</dependency>
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-rendering-xwiki</artifactId>
<version>${project.version}</version>
<scope>test</scope>
<type>test-jar</type>
</dependency>
<dependency>
<groupId>org.xwiki.platform</groupId>
<artifactId>xwiki-platform-rendering-configuration-default</artifactId>
<version>${project.version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
</dependencies>
</project>
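Review bot: The runtime-scoped `xwiki-platform-rendering-xwiki` dependency is added directly above the `<!-- Test dependencies. -->` marker with no comment of its own, although it is the only entry here that changes what the module pulls in at runtime; a one-line comment stating which sheet or template needs it would record why (the reason is not visible in this hunk). As a style point, the last entry (`xwiki-platform-rendering-configuration-default`) lists `<type>test-jar</type>` before `<scope>test</scope>`, while the two test-jar entries above it put `<scope>` first; swapping those two lines keeps the block uniform.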
