Skip to content
Snippets Groups Projects
Commit 95cb32d8 authored by Mic's avatar Mic
Browse files

used tag c:out for EL to prevent HTML injection

parent d88b565d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/main/webapp/WEB-INF/jsp/owners/ownerDetails.jsp
+ 7
7
View file @ 95cb32d8
......@@ -17,19 +17,19 @@
<table class="table table-striped" style="width:600px;">
<tr>
<th>Name</th>
<td><b>${owner.firstName} ${owner.lastName}</b></td>
<td><b><c:out value="${owner.firstName} ${owner.lastName}"/></b></td>
</tr>
<tr>
<th>Address</th>
<td>${owner.address}</td>
<td><c:out value="${owner.address}"/></td>
</tr>
<tr>
<th>City</th>
<td>${owner.city}</td>
<td><c:out value="${owner.city}"/></td>
</tr>
<tr>
<th>Telephone </th>
<td>${owner.telephone}</td>
<td><c:out value="${owner.telephone}"/></td>
</tr>
</table>
<table class="table-buttons">
......@@ -57,11 +57,11 @@
<td valign="top" style="width: 120px;">
<dl class="dl-horizontal">
<dt>Name</dt>
<dd>${pet.name}</dd>
<dd><c:out value="${pet.name}"/></dd>
<dt>Birth Date</dt>
<dd><joda:format value="${pet.birthDate}" pattern="yyyy-MM-dd" /></dd>
<dt>Type</dt>
<dd>${pet.type.name}</dd>
<dd><c:out value="${pet.type.name}"/></dd>
</dl>
</td>
<td valign="top">
......@@ -75,7 +75,7 @@
<c:forEach var="visit" items="${pet.visits}">
<tr>
<td><joda:format value="${visit.date}" pattern="yyyy-MM-dd"/></td>
<td>${visit.description}</td>
<td><c:out value="${visit.description}"/></td>
</tr>
</c:forEach>
</table>
......
src/main/webapp/WEB-INF/jsp/owners/ownersList.jsp
+ 5
5
View file @ 95cb32d8
......@@ -29,14 +29,14 @@
<spring:url value="owners/{ownerId}.html" var="ownerUrl">
<spring:param name="ownerId" value="${owner.id}"/>
</spring:url>
<a href="${fn:escapeXml(ownerUrl)}">${owner.firstName} ${owner.lastName}</a>
<a href="${fn:escapeXml(ownerUrl)}"><c:out value="${owner.firstName} ${owner.lastName}" /></a>
</td>
<td>${owner.address}</td>
<td>${owner.city}</td>
<td>${owner.telephone}</td>
<td><c:out value="${owner.address}"/></td>
<td><c:out value="${owner.city}"/></td>
<td><c:out value="${owner.telephone}"/></td>
<td>
<c:forEach var="pet" items="${owner.pets}">
${pet.name} &nbsp;
<c:out value="${pet.name}"/>
</c:forEach>
</td>
</tr>
......
src/main/webapp/WEB-INF/jsp/pets/createOrUpdateVisitForm.jsp
+ 4
4
View file @ 95cb32d8
......@@ -25,10 +25,10 @@
</tr>
</thead>
<tr>
<td>${visit.pet.name}</td>
<td><c:out value="${visit.pet.name}" /></td>
<td><joda:format value="${visit.pet.birthDate}" pattern="yyyy-MM-dd"/></td>
<td>${visit.pet.type.name}</td>
<td>${visit.pet.owner.firstName} ${visit.pet.owner.lastName}</td>
<td><c:out value="${visit.pet.type.name}" /></td>
<td><c:out value="${visit.pet.owner.firstName} ${visit.pet.owner.lastName}" /></td>
</tr>
</table>
......@@ -71,7 +71,7 @@
<c:if test="${!visit['new']}">
<tr>
<td><joda:format value="${visit.date}" pattern="yyyy-MM-dd"/></td>
<td>${visit.description}</td>
<td><c:out value="${visit.description}" /></td>
</tr>
</c:if>
</c:forEach>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment