Commit dbc92dc
XWIKI-20343: Sanitize template URLs
1 parent 8f5a889 commit dbc92dc

File tree

1 file changed, +2 -2 lines changed
  • xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates


Diff for: xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/resubmit.vm

@@ -29,8 +29,8 @@ $response.addHeader( "X-FRAME-OPTIONS", "DENY" )
2929
<div class="main layoutsubsection">
3030
<div id="mainContentArea">
3131
#xwikimessageboxstart($services.localization.render('warning') $services.localization.render('csrf.confirmation'))
32-
#set($resubmit = "$!{escapetool.xml($request.getParameter('resubmit'))}")
33-
#set($xback = "$!{escapetool.xml($request.getParameter('xback'))}")
32+
#getSanitizedURLAttributeValue('form','action', $request.getParameter('resubmit'), '', $resubmit)
33+
#getSanitizedURLAttributeValue('a','href', $request.getParameter('xback'), $doc.getURL(), $xback)
3434
<form action="$resubmit" method="post">
3535
<div class="hidden">
3636
## Valid CSRF token
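Review bot: the fallback passed for the form action at line 32 is the empty string, while the xback link at line 33 falls back to $doc.getURL(); if a rejected resubmit value leaves action="" the browser will POST the confirmed CSRF token to the current page URL, so confirm that is the intended behaviour or pass an explicit safe default there too. Since the removed #set lines wrapped both parameters in $escapetool.xml and the results are still interpolated into attributes (action="$resubmit"), also confirm that #getSanitizedURLAttributeValue both restricts the URL and XML-escapes its output; a one-line comment above the two macro calls stating what the macro guarantees (allowed schemes, escaping, default handling) would make the hardening intent clear to future readers.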
