From bfa9075bbaca76df322a320f197216aeb3ccbfb3 Mon Sep 17 00:00:00 2001 From: srosse <none@none> Date: Fri, 20 Dec 2013 10:50:23 +0100 Subject: [PATCH] OO-875: doesn't escape the description of a map as it contains HTML code --- .../java/org/olat/portfolio/ui/structel/_content/multiMaps.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/olat/portfolio/ui/structel/_content/multiMaps.html b/src/main/java/org/olat/portfolio/ui/structel/_content/multiMaps.html index 6d4665214b6..b9a373c6e50 100644 --- a/src/main/java/org/olat/portfolio/ui/structel/_content/multiMaps.html +++ b/src/main/java/org/olat/portfolio/ui/structel/_content/multiMaps.html @@ -23,7 +23,7 @@ #if($map.getClass().getSimpleName() == "EPStructuredMapTemplate") #set($addTempStamp = "template") #end <li class="$!mapStyles.get($index) $!addTempStamp"> <h4>$r.escapeHtml($map.title)</h4> - <div class="b_map_descr">$r.escapeHtml($map.shortenedDescription)</div> + <div class="b_map_descr">$r.xssScan($map.shortenedDescription)</div> <div class="b_map_info"> #if ($owners.get($index)) <p>$r.translate("map.owners", $r.escapeHtml($owners.get($index))) </p> #end <p>$amounts.get($index) -- GitLab