Genesys PGR / Genesys Backend
Commit 4bdca24c authored Jun 07, 2016 by Matija Obreza
Mitigating XSS
parent 9bd483f5
Changes: 4
src/main/webapp/WEB-INF/jsp/user/edit.jsp
<!DOCTYPE html>
<%@include
file=
"/WEB-INF/jsp/init.jsp"
%>
<%@ taglib
prefix=
"form"
uri=
"http://www.springframework.org/tags/form"
%>
<html>
<head>
...
...
@@ -15,13 +16,13 @@
<div
class=
"form-group"
>
<label
for=
"name"
class=
"col-lg-2 control-label"
><spring:message
code=
"registration.full-name"
/></label>
<div
class=
"col-lg-3"
>
<input
type=
"text"
id=
"name"
name=
"name"
class=
"span3 form-control"
value=
"${
user.name
}
"
/>
<
form:
input
id=
"name"
name=
"name"
class=
"span3 form-control"
path=
"
user.name"
/>
</div>
</div>
<div
class=
"form-group"
>
<label
for=
"email"
class=
"col-lg-2 control-label"
><spring:message
code=
"registration.email"
/></label>
<div
class=
"col-lg-3"
>
<input
type=
"text"
id=
"email"
name=
"email"
class=
"span3 form-control"
value=
"${
user.email
}
"
/>
<
form:
input
id=
"email"
name=
"email"
class=
"span3 form-control"
path=
"
user.email"
/>
</div>
</div>
...
...
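Review bot: On both replaced fields, `path="user.name"` and `path="user.email"` change how the field is bound, not only how its value is escaped. `form:input` derives the rendered `name` from `path` and resolves it against the command object of the enclosing form, which this hunk does not show; please confirm the form tag was converted as well and that the submitted parameters are still `name` and `email`, otherwise the controller stops receiving them. The explicit `name="name"` and `name="email"` attributes are redundant next to `path` and are better dropped, and `form:input` takes its CSS class through `cssClass`, so `class="span3 form-control"` should become `cssClass="span3 form-control"`.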
src/main/webapp/WEB-INF/jsp/user/index.jsp
...
...
@@ -21,8 +21,8 @@
<c:forEach
items=
"
${
pagedData
.
content
}
"
var=
"user"
varStatus=
"status"
>
<tr
class=
"clearfix ${status.count % 2 == 0 ? 'even' : 'odd'}"
>
<td><c:if
test=
"
${
not
user
.
systemAccount
}
"
><a
href=
"
<c:url
value=
"/profile/${user.uuid}"
/>
"
><c:out
value=
"
${
user
.
name
}
"
/></a></c:if></td>
<td>
${user.uuid}
</td>
<td>
${user.email}
</td>
<td>
<c:out
value=
"
${
user
.
uuid
}
"
/>
</td>
<td>
<c:out
value=
"
${
user
.
email
}
"
/>
</td>
<td>
<c:if
test=
"
${
user
.
systemAccount
}
"
>
SYSTEM
</c:if>
<c:if
test=
"
${
not
user
.
enabled
}
"
>
DISABLED
</c:if>
...
...
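Review bot: The link in the first cell still interpolates `${user.uuid}` raw, in `<c:url value="/profile/${user.uuid}" />` inside the `href`, while the same value in the next cell is now wrapped in `c:out`. `c:url` does not HTML-escape its result, so for consistency with the rest of this change either escape the value there too, for example with `fn:escapeXml(user.uuid)` inside `value` (this needs the JSTL functions taglib), or state in the commit message why `uuid` can never carry user-controlled characters.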
src/main/webapp/WEB-INF/jsp/user/profile.jsp
...
...
@@ -16,13 +16,13 @@
<div
class=
"form-horizontal"
>
<div
class=
"form-group"
>
<label
for=
"password"
class=
"col-lg-2 control-label"
><spring:message
code=
"user.full-name"
/></label>
<div
class=
"col-lg-5"
>
${user.name}
</div>
<div
class=
"col-lg-5"
>
<c:out
value=
"
${
user
.
name
}
"
/>
</div>
</div>
<security:authorize
access=
"hasRole('ADMINISTRATOR') || (isAuthenticated() && principal.user.id == #user.id)"
>
<div
class=
"form-group"
>
<label
for=
"password"
class=
"col-lg-2 control-label"
><spring:message
code=
"user.email"
/></label>
<div
class=
"col-lg-5"
>
${user.email}
</div>
<div
class=
"col-lg-5"
>
<c:out
value=
"
${
user
.
email
}
"
/>
</div>
</div>
<div
class=
"form-group"
>
...
...
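Review bot: Both unchanged labels in this hunk carry `for="password"` although they caption the full name and the email, and the values are rendered in plain `div` elements with no matching `id`. While these rows are being touched, drop the `for` attribute or point it at a real element. The two `c:out` replacements themselves look right.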
src/main/webapp/WEB-INF/web.xml
...
...
@@ -26,16 +26,18 @@
<!--<param-value>classpath:spring/application-context.xml</param-value>-->
<!--</context-param>-->
<context-param>
<param-name>
contextClass
</param-name>
<param-value>
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
</param-value>
</context-param>
<context-param>
<param-name>
contextConfigLocation
</param-name>
<param-value>
org.genesys2.spring.config.ApplicationConfig
</param-value>
</context-param>
<context-param>
<param-name>
contextClass
</param-name>
<param-value>
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
</param-value>
</context-param>
<context-param>
<param-name>
contextConfigLocation
</param-name>
<param-value>
org.genesys2.spring.config.ApplicationConfig
</param-value>
</context-param>
<context-param>
<param-name>
defaultHtmlEscape
</param-name>
<param-value>
true
</param-value>
</context-param>
<listener>
<listener-class>
com.hazelcast.web.SessionListener
</listener-class>
...
...
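Review bot: The new `defaultHtmlEscape` context-param only changes the default for Spring's own JSP tags (`form:*`, `spring:message` and similar); raw `${...}` EL in a JSP is still written unescaped, which is why index.jsp and profile.jsp needed `c:out` in this same commit. Add an XML comment next to the param saying so, so that nobody reads it as an application-wide XSS switch. Since `spring:message` output is now escaped by default as well, check the message bundles for entries that contain markup. The existing `contextClass` and `contextConfigLocation` blocks appear twice here with no visible difference, which looks like re-indentation; keeping whitespace changes in a separate commit would make the functional addition easier to review.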