Commit 4bdca24c authored by Matija Obreza

Mitigating XSS

parent 9bd483f5
<!DOCTYPE html>
<%@include file="/WEB-INF/jsp/init.jsp"%>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<html>
<head>
......@@ -15,13 +16,13 @@
<div class="form-group">
<label for="name" class="col-lg-2 control-label"><spring:message code="registration.full-name" /></label>
<div class="col-lg-3">
<input type="text" id="name" name="name" class="span3 form-control" value="${user.name}" />
<form:input id="name" name="name" class="span3 form-control" path="user.name" />
</div>
</div>
<div class="form-group">
<label for="email" class="col-lg-2 control-label"><spring:message code="registration.email" /></label>
<div class="col-lg-3">
<input type="text" id="email" name="email" class="span3 form-control" value="${user.email}" />
<form:input id="email" name="email" class="span3 form-control" path="user.email" />
</div>
</div>
......
......@@ -21,8 +21,8 @@
<c:forEach items="${pagedData.content}" var="user" varStatus="status">
<tr class="clearfix ${status.count % 2 == 0 ? 'even' : 'odd'}">
<td><c:if test="${not user.systemAccount}"><a href="<c:url value="/profile/${user.uuid}" />"><c:out value="${user.name}" /></a></c:if></td>
<td>${user.uuid}</td>
<td>${user.email}</td>
<td><c:out value="${user.uuid}" /></td>
<td><c:out value="${user.email}" /></td>
<td>
<c:if test="${user.systemAccount}">SYSTEM</c:if>
<c:if test="${not user.enabled}">DISABLED</c:if>
......
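Review bot: The `href` on the `<a>` in the first `<td>` still interpolates `${user.uuid}` through `<c:url>` with no HTML escaping, while the two cells below it now go through `<c:out>`; `<c:url>` only URL-encodes `<c:param>` values, not its own `value` attribute, so anything other than a plain UUID stored in that field would land in the attribute unescaped. The `defaultHtmlEscape` parameter added to web.xml in this commit does not help here, because it applies to Spring's tags only and leaves JSTL and plain EL output untouched. If the field is guaranteed to hold a generated UUID this is low risk, but keeping the whole row on the escaped path is cheap: `<c:url value="/profile/${user.uuid}" var="profileUrl" /><a href="<c:out value="${profileUrl}" />">`. The enclosing `<table>` and `<c:forEach>` close outside the hunk.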
......@@ -16,13 +16,13 @@
<div class="form-horizontal">
<div class="form-group">
<label for="password" class="col-lg-2 control-label"><spring:message code="user.full-name" /></label>
<div class="col-lg-5">${user.name}</div>
<div class="col-lg-5"><c:out value="${user.name}" /></div>
</div>
<security:authorize access="hasRole('ADMINISTRATOR') || (isAuthenticated() && principal.user.id == #user.id)">
<div class="form-group">
<label for="password" class="col-lg-2 control-label"><spring:message code="user.email" /></label>
<div class="col-lg-5">${user.email}</div>
<div class="col-lg-5"><c:out value="${user.email}" /></div>
</div>
<div class="form-group">
......
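Review bot: Both `<label>` elements in this hunk carry `for="password"` while they caption the full-name and email values, which are rendered in plain `<div>`s rather than form controls; the `for` targets look like a leftover from a password form, point at no control in this block, and would be duplicate `for` values if a `password` field does exist further down the page. Since these rows display values rather than edit them, dropping the attribute, `<label class="col-lg-2 control-label">`, or switching the pair to `<dt>`/`<dd>` would be cleaner. The escaping change itself is right; the `<security:authorize>` block opened in this hunk closes outside it.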
......@@ -26,16 +26,18 @@
<!--<param-value>classpath:spring/application-context.xml</param-value>-->
<!--</context-param>-->
<context-param>
<param-name>contextClass</param-name>
<param-value>
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>org.genesys2.spring.config.ApplicationConfig</param-value>
</context-param>
<context-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>org.genesys2.spring.config.ApplicationConfig</param-value>
</context-param>
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>com.hazelcast.web.SessionListener</listener-class>
......