Context Navigation

Changeset 5115

Timestamp:

07/24/08 07:57:56 (3 months ago)

Author:

jouni.koivuviita@…

Message:

Fixed a possible security vulnerability in IWindow. The window caption string was not escaped, and any HTML could be passed and parsed inside it.

Files:

r5062	r5115
492	492
493	493	public void setCaption(String c, String icon) {
494		String html = c;
	494	String html = Util.escapeHTML(c);
495	495	if (icon != null) {
496	496	icon = client.translateToolkitUri(icon);