Patrick.Sy/spring-petclinic
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-petclinic.git synced 2025-07-15 12:25:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

used tag c:out for EL to prevent HTML injection

Browse source
This commit is contained in:
Mic 2013-01-19 03:02:12 +08:00
parent d88b565d28
commit 95cb32d86d
3 changed files with 16 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/main/webapp/WEB-INF/jsp/owners/ownerDetails.jsp
View file

@ -17,19 +17,19 @@
<table class="table table-striped" style="width:600px;">
<tr>
<th>Name</th>
<td><b>${owner.firstName} ${owner.lastName}</b></td>
<td><b><c:out value="${owner.firstName} ${owner.lastName}"/></b></td>
</tr>
<tr>
<th>Address</th>
<td>${owner.address}</td>
<td><c:out value="${owner.address}"/></td>
</tr>
<tr>
<th>City</th>
<td>${owner.city}</td>
<td><c:out value="${owner.city}"/></td>
</tr>
<tr>
<th>Telephone </th>
<td>${owner.telephone}</td>
<td><c:out value="${owner.telephone}"/></td>
</tr>
</table>
<table class="table-buttons">
@ -57,11 +57,11 @@
<td valign="top" style="width: 120px;">
<dl class="dl-horizontal">
<dt>Name</dt>
<dd>${pet.name}</dd>
<dd><c:out value="${pet.name}"/></dd>
<dt>Birth Date</dt>
<dd><joda:format value="${pet.birthDate}" pattern="yyyy-MM-dd" /></dd>
<dt>Type</dt>
<dd>${pet.type.name}</dd>
<dd><c:out value="${pet.type.name}"/></dd>
</dl>
</td>
<td valign="top">
@ -75,7 +75,7 @@
<c:forEach var="visit" items="${pet.visits}">
<tr>
<td><joda:format value="${visit.date}" pattern="yyyy-MM-dd"/></td>
<td>${visit.description}</td>
<td><c:out value="${visit.description}"/></td>
</tr>
</c:forEach>
</table>

10
src/main/webapp/WEB-INF/jsp/owners/ownersList.jsp
View file

@ -29,14 +29,14 @@
<spring:url value="owners/{ownerId}.html" var="ownerUrl">
<spring:param name="ownerId" value="${owner.id}"/>
</spring:url>
<a href="${fn:escapeXml(ownerUrl)}">${owner.firstName} ${owner.lastName}</a>
<a href="${fn:escapeXml(ownerUrl)}"><c:out value="${owner.firstName} ${owner.lastName}" /></a>
</td>
<td>${owner.address}</td>
<td>${owner.city}</td>
<td>${owner.telephone}</td>
<td><c:out value="${owner.address}"/></td>
<td><c:out value="${owner.city}"/></td>
<td><c:out value="${owner.telephone}"/></td>
<td>
<c:forEach var="pet" items="${owner.pets}">
${pet.name} &nbsp;
<c:out value="${pet.name}"/>
</c:forEach>
</td>
</tr>

8
src/main/webapp/WEB-INF/jsp/pets/createOrUpdateVisitForm.jsp
View file

@ -25,10 +25,10 @@
</tr>
</thead>
<tr>
<td>${visit.pet.name}</td>
<td><c:out value="${visit.pet.name}" /></td>
<td><joda:format value="${visit.pet.birthDate}" pattern="yyyy-MM-dd"/></td>
<td>${visit.pet.type.name}</td>
<td>${visit.pet.owner.firstName} ${visit.pet.owner.lastName}</td>
<td><c:out value="${visit.pet.type.name}" /></td>
<td><c:out value="${visit.pet.owner.firstName} ${visit.pet.owner.lastName}" /></td>
</tr>
</table>
@ -71,7 +71,7 @@
<c:if test="${!visit['new']}">
<tr>
<td><joda:format value="${visit.date}" pattern="yyyy-MM-dd"/></td>
<td>${visit.description}</td>
<td><c:out value="${visit.description}" /></td>
</tr>
</c:if>
</c:forEach>