further escaping on approval page

closes #634
pull/653/head
Justin Richer 2014-07-19 23:30:41 -07:00
parent a192cc4620
commit 2a2a86a14d
1 changed files with 6 additions and 6 deletions

View File

@ -61,7 +61,7 @@
<c:if test="${ not empty client.logoUri }"> <c:if test="${ not empty client.logoUri }">
<ul class="thumbnails"> <ul class="thumbnails">
<li class="span5"> <li class="span5">
<a class="thumbnail" data-toggle="modal" data-target="#logoModal"><img src="${client.logoUri }" /></a> <a class="thumbnail" data-toggle="modal" data-target="#logoModal"><img src="${ fn:escapeXml(client.logoUri) }" /></a>
</li> </li>
</ul> </ul>
<!-- Modal --> <!-- Modal -->
@ -80,7 +80,7 @@
</h3> </h3>
</div> </div>
<div class="modal-body"> <div class="modal-body">
<img src="${client.logoUri }" /> <img src="${ fn:escapeXml(client.logoUri) }" />
<c:if test="${ not empty client.clientUri }"> <c:if test="${ not empty client.clientUri }">
<a href="<c:out value="${ client.clientUri }" />"><c:out value="${ client.clientUri }" /></a> <a href="<c:out value="${ client.clientUri }" />"><c:out value="${ client.clientUri }" /></a>
</c:if> </c:if>
@ -158,10 +158,10 @@
<c:forEach var="scope" items="${ scopes }"> <c:forEach var="scope" items="${ scopes }">
<label for="scope_${ scope.value }" class="checkbox"> <label for="scope_${ fn:escapeXml(scope.value) }" class="checkbox">
<input type="checkbox" name="scope_${ scope.value }" id="scope_${ scope.value }" value="${ scope.value }" checked="checked"> <input type="checkbox" name="scope_${ fn:escapeXml(scope.value) }" id="scope_${ fn:escapeXml(scope.value) }" value="${ fn:escapeXml(scope.value) }" checked="checked">
<c:if test="${ not empty scope.icon }"> <c:if test="${ not empty scope.icon }">
<i class="icon-${ scope.icon }"></i> <i class="icon-${ fn:escapeXml(scope.icon) }"></i>
</c:if> </c:if>
<c:choose> <c:choose>
<c:when test="${ not empty scope.description }"> <c:when test="${ not empty scope.description }">
@ -196,7 +196,7 @@
</c:if> </c:if>
<c:if test="${ scope.structured }"> <c:if test="${ scope.structured }">
<input name="scopeparam_${ scope.value }" type="text" value="${ scope.structuredValue }" placeholder="${scope.structuredParamDescription}"> <input name="scopeparam_${ fn:escapeXml(scope.value) }" type="text" value="${ fn:escapeXml(scope.structuredValue) }" placeholder="${ fn:escapeXml(scope.structuredParamDescription) }">
</c:if> </c:if>
</label> </label>