Commit dbc92dcd authored by Simon Urli's avatar Simon Urli

XWIKI-20343: Sanitize template URLs

parent 8f5a889b
......@@ -29,8 +29,8 @@ $response.addHeader( "X-FRAME-OPTIONS", "DENY" )
<div class="main layoutsubsection">
<div id="mainContentArea">
#xwikimessageboxstart($services.localization.render('warning') $services.localization.render('csrf.confirmation'))
#set($resubmit = "$!{escapetool.xml($request.getParameter('resubmit'))}")
#set($xback = "$!{escapetool.xml($request.getParameter('xback'))}")
#getSanitizedURLAttributeValue('form','action', $request.getParameter('resubmit'), '', $resubmit)
#getSanitizedURLAttributeValue('a','href', $request.getParameter('xback'), $doc.getURL(), $xback)
<form action="$resubmit" method="post">
<div class="hidden">
## Valid CSRF token
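Review bot: The target of `<form action="$resubmit" method="post">` still comes from the `resubmit` request parameter after the new `#getSanitizedURLAttributeValue('form','action', ...)` call, and the form that follows appears (per `## Valid CSRF token`) to carry a valid token, so it matters whether the macro only filters the URL scheme or also rejects absolute URLs pointing at another host. The macro body is not visible in this hunk; if it does not limit the target to the local wiki, `resubmit` should additionally be checked as a relative or same-host URL before it is used as the POST target. The explicit `escapetool.xml` calls are gone, so the macro is now presumably responsible for attribute escaping as well; a one-line comment such as `## $resubmit / $xback are set by the macro, already sanitized and escaped for attribute use` would make that contract visible to the next editor. The form body continues outside the hunk.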
......