Anonymous avatar Anonymous committed 6b17397

Fixed HTML encoding.

git-svn-id: http://svn.opensymphony.com/svn/webwork/trunk@617 573baa09-0c28-0410-bef9-dab3c582ae83


Files changed (1)

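--- a/src/java/template/simple/doubleselect.vm
+++ b/src/java/template/simple/doubleselect.vm
 </select>
 <script type="text/javascript">
 #set( $itemCount = $startCount )
-var $!{parameters.name}Group = new Array($!{parameters.listSize} + $startCount);
+var $!webwork.htmlEncode($parameters.name)Group = new Array($!{parameters.listSize} + $startCount);
 for (i = 0; i < ($!{parameters.listSize} + $startCount); i++)
-$!{parameters.name}Group[i] = new Array();
+$!webwork.htmlEncode($parameters.name)Group[i] = new Array();
 #foreach( $item in $items )
     $stack.push($item)
     #if( $parameters.listKey )
             #else
                 #set( $doubleItemValue = $doubleItem )
             #end
-            $!{parameters.name}Group[$itemCount][$doubleItemCount] = new Option("$doubleItemKey", "$doubleItemValue");
+            $!webwork.htmlEncode($parameters.name)Group[$itemCount][$doubleItemCount] = new Option("$doubleItemKey", "$doubleItemValue");
             #set( $doubleItemCount = $doubleItemCount + 1 )
             #set ($trash = $stack.pop())
         #end
     #end
     #set ($trash = $stack.pop())
 #end
-var $!{parameters.name}Temp = document.$!{parameters.formName}.$!{parameters.doubleName};
+var $!webwork.htmlEncode($parameters.name)Temp = document.$!webwork.htmlEncode(${parameters.formName}).$!webwork.htmlEncode(${parameters.doubleName});
 #set( $itemCount = $startCount )
 #set( $redirectTo = 0 )
 #foreach( $item in $items )
     #set( $itemCount = $itemCount + 1 )
     #set ($trash = $stack.pop())
 #end
-$!{parameters.name}Redirect($redirectTo);
-function $!{parameters.name}Redirect(x) {
-    for (m = $!{parameters.name}Temp.options.length - 1; m >= 0; m--)
-        $!{parameters.name}Temp.options[m] = null;
+$!{webwork.htmlEncode($parameters.name)}Redirect($redirectTo);
+function $!{webwork.htmlEncode($parameters.name)}Redirect(x) {
+    for (m = $!{webwork.htmlEncode($parameters.name)}Temp.options.length - 1; m >= 0; m--)
+        $!{webwork.htmlEncode($parameters.name)}Temp.options[m] = null;
 
     for (i = 0; i < $!{parameters.name}Group[x].length; i++) {
-        $!{parameters.name}Temp.options[i] = new Option($!{parameters.name}Group[x][i].text, $!{parameters.name}Group[x][i].value);
+        $!{webwork.htmlEncode($parameters.name)}Temp.options[i] = new Option($!{webwork.htmlEncode($parameters.name)}Group[x][i].text, $!{webwork.htmlEncode($parameters.name)}Group[x][i].value);
     }
 
     if ($!{parameters.name}Temp.options.length > 0)
-        $!{parameters.name}Temp.options[0].selected = true;
+        $!{webwork.htmlEncode($parameters.name)}Temp.options[0].selected = true;
 }
 </script>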
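Review bot: Two unchanged lines inside the Redirect function, `for (i = 0; i < $!{parameters.name}Group[x].length; i++) {` and `if ($!{parameters.name}Temp.options.length > 0)`, still emit the raw name, so they remain unencoded output and will refer to a different variable than the encoded declarations whenever htmlEncode alters the value; both should use `$!{webwork.htmlEncode($parameters.name)}` like the lines around them. Separately, `"$doubleItemKey"` and `"$doubleItemValue"` in the `new Option(...)` line are still written into JavaScript string literals with no escaping at all. HTML entity encoding is also not the matching encoder for text inside a `<script>` block: entities are not decoded there, and an HTML encoder normally leaves backslashes and line breaks alone. If any of these values can come from request or user data (not visible in this diff), the string literals need JavaScript-string escaping and the name, formName and doubleName values should be restricted to identifier characters before they are used as identifiers. As a style point, the change mixes `$!webwork.htmlEncode(...)Group` with `$!{webwork.htmlEncode(...)}Redirect`; the braced form is the less ambiguous one and could be used throughout.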