escapeXml

JeffersonLab · Oct 3, 2024 · 2a7135e · 2a7135e
1 parent 12e1f8c
commit 2a7135e
Show file tree

Hide file tree

Showing 8 changed files with 18 additions and 18 deletions.
diff --git a/src/main/webapp/WEB-INF/views/checklist.jsp b/src/main/webapp/WEB-INF/views/checklist.jsp
@@ -79,7 +79,7 @@
                                             </div>
                                             <div class="li-value">
                                                 <input type="text" id="author" name="author"
-                                                       value="${param.author ne null ? param.author : checklist.author}"/>
+                                                       value="${param.author ne null ? fn:escapeXml(param.author) : checklist.author}"/>
                                             </div>
                                         </li>
                                         <li>
@@ -96,7 +96,7 @@
                                                        for="comments">Revision Comment</label>
                                             </div>
                                             <div class="li-value">
-                                                <textarea id="comments" name="comments">${param.comments}</textarea>
+                                                <textarea id="comments" name="comments">${fn:escapeXml(param.comments)}</textarea>
                                             </div>
                                         </li>
                                     </ul>
@@ -186,7 +186,7 @@
                         <c:choose>
                             <c:when test="${editable}">
                                         <textarea name="bodyHtml" class="checklist-body">
-                                                ${param.bodyHtml ne null ? param.bodyHtml : checklist.bodyHtml}
+                                                ${param.bodyHtml ne null ? fn:escapeXml(param.bodyHtml) : checklist.bodyHtml}
                                         </textarea>
                             </c:when>
                             <c:otherwise>

diff --git a/src/main/webapp/WEB-INF/views/checklists/revision.jsp b/src/main/webapp/WEB-INF/views/checklists/revision.jsp
@@ -51,7 +51,7 @@
                         value="${history.checklist.groupResponsibility.system.name}"/> History</a>
             </li>
             <li>
-                Printable Checklist (Revision ${param.revision})
+                Printable Checklist (Revision ${fn:escapeXml(param.revision)})
             </li>
         </ul>
     </div>
@@ -62,7 +62,7 @@
                         value="${history.checklist.groupResponsibility.group.name.concat(' ').concat(history.checklist.groupResponsibility.system.name)} Checklist"/></h1>
                 <div class="dialog-content">
                     <div class="dialog-links dialog-only">
-                        <a href="${pageContext.request.contextPath}/checklists/revision?checklistHistoryId=${history.checklistHistoryId}&amp;revision=${param.revision}">Printer
+                        <a href="${pageContext.request.contextPath}/checklists/revision?checklistHistoryId=${history.checklistHistoryId}&amp;revision=${fn:escapeXml(param.revision)}">Printer
                             Friendly</a>
                     </div>
                     <div>

diff --git a/src/main/webapp/WEB-INF/views/masks/requests.jsp b/src/main/webapp/WEB-INF/views/masks/requests.jsp
@@ -134,7 +134,7 @@
                                         <label for="reason">Reason</label>
                                     </div>
                                     <div class="li-value">
-                                        <input type="text" name="reason" id="reason" value="${param.reason}"/>
+                                        <input type="text" name="reason" id="reason" value="${fn:escapeXml(param.reason)}"/>
                                         (use % as wildcard)
                                     </div>
                                 </li>

diff --git a/src/main/webapp/WEB-INF/views/reports/inventory-activity/category-audit.jsp b/src/main/webapp/WEB-INF/views/reports/inventory-activity/category-audit.jsp
@@ -23,15 +23,15 @@
                                     <label class="required-field" for="category-id">Category ID</label>
                                 </div>
                                 <div class="li-value">
-                                    <input type="text" id="category-id" name="categoryId" value="${param.categoryId}"/>
+                                    <input type="text" id="category-id" name="categoryId" value="${fn:escapeXml(param.categoryId)}"/>
                                 </div>
                             </li>
                             <li>
                                 <div class="li-key">
                                     <label for="revision-id">Revision ID</label>
                                 </div>
                                 <div class="li-value">
-                                    <input type="text" id="revision-id" name="revisionId" value="${param.revisionId}"/>
+                                    <input type="text" id="revision-id" name="revisionId" value="${fn:escapeXml(param.revisionId)}"/>
                                 </div>
                             </li>
                         </ul>

diff --git a/src/main/webapp/WEB-INF/views/reports/inventory-activity/component-audit.jsp b/src/main/webapp/WEB-INF/views/reports/inventory-activity/component-audit.jsp
@@ -24,15 +24,15 @@
                                 </div>
                                 <div class="li-value">
                                     <input type="text" id="component-id" name="componentId"
-                                           value="${param.componentId}"/>
+                                           value="${fn:escapeXml(param.componentId)}"/>
                                 </div>
                             </li>
                             <li>
                                 <div class="li-key">
                                     <label for="revision-id">Revision ID</label>
                                 </div>
                                 <div class="li-value">
-                                    <input type="text" id="revision-id" name="revisionId" value="${param.revisionId}"/>
+                                    <input type="text" id="revision-id" name="revisionId" value="${fn:escapeXml(param.revisionId)}"/>
                                 </div>
                             </li>
                         </ul>

diff --git a/src/main/webapp/WEB-INF/views/reports/inventory-activity/system-audit.jsp b/src/main/webapp/WEB-INF/views/reports/inventory-activity/system-audit.jsp
@@ -23,15 +23,15 @@
                                     <label class="required-field" for="system-id">System ID</label>
                                 </div>
                                 <div class="li-value">
-                                    <input type="text" id="system-id" name="systemId" value="${param.systemId}"/>
+                                    <input type="text" id="system-id" name="systemId" value="${fn:escapeXml(param.systemId)}"/>
                                 </div>
                             </li>
                             <li>
                                 <div class="li-key">
                                     <label for="revision-id">Revision ID</label>
                                 </div>
                                 <div class="li-value">
-                                    <input type="text" id="revision-id" name="revisionId" value="${param.revisionId}"/>
+                                    <input type="text" id="revision-id" name="revisionId" value="${fn:escapeXml(param.revisionId)}"/>
                                 </div>
                             </li>
                         </ul>

diff --git a/src/main/webapp/WEB-INF/views/setup/component-participation.jsp b/src/main/webapp/WEB-INF/views/setup/component-participation.jsp
@@ -117,7 +117,7 @@
                         </ul>
                     </fieldset>
                     <input type="hidden" id="offset-input" name="offset" value="0"/>
-                    <input type="hidden" id="max-input" name="max" value="${param.max}"/>
+                    <input type="hidden" id="max-input" name="max" value="${fn:esacpeXml(param.max)}"/>
                     <input type="submit" id="filter-form-submit-button" value="Apply"/>
                 </form>
             </s:filter-flyout-widget>

diff --git a/src/main/webapp/WEB-INF/views/setup/saved-signoff.jsp b/src/main/webapp/WEB-INF/views/setup/saved-signoff.jsp
@@ -16,11 +16,11 @@
             <script type="text/javascript">
                 $(function () {
                     $("#open-add-dialog-button").click();
-                    $("#system-select").val(${param.systemId});
-                    $("#group-select").val(${param.groupId});
-                    $("#region-select").val(${param.regionId});
-                    $("#filter-status-select").val(${param.statusId});
-                    $("#component").val('${param.component}');
+                    $("#system-select").val(${fn:escapeXml(param.systemId)});
+                    $("#group-select").val(${fn:escapeXml(param.groupId)});
+                    $("#region-select").val(${fn:escapeXml(param.regionId)});
+                    $("#filter-status-select").val(${fn:escapeXml(param.statusId)});
+                    $("#component").val('${fn:esacpeXml(param.component)}');
                 });
             </script>
         </c:if>