XWIKI-20343: Sanitize template URLs
surli committed Feb 3, 2023
1 parent 8f5a889 commit dbc92dc
Showing 1 changed file with 2 additions and 2 deletions.
Expand Up @@ -29,8 +29,8 @@ $response.addHeader( "X-FRAME-OPTIONS", "DENY" )
<div class="main layoutsubsection">
<div id="mainContentArea">
#xwikimessageboxstart($services.localization.render('warning') $services.localization.render('csrf.confirmation'))
#set($resubmit = "$!{escapetool.xml($request.getParameter('resubmit'))}")
#set($xback = "$!{escapetool.xml($request.getParameter('xback'))}")
#getSanitizedURLAttributeValue('form','action', $request.getParameter('resubmit'), '', $resubmit)
#getSanitizedURLAttributeValue('a','href', $request.getParameter('xback'), $doc.getURL(), $xback)
<form action="$resubmit" method="post">
<div class="hidden">
## Valid CSRF token
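Review bot: The two `#getSanitizedURLAttributeValue` calls drop the `escapetool.xml` wrapping that the replaced `#set` lines applied, while `$resubmit` is still interpolated directly into `<form action="$resubmit" method="post">`. The macro is not defined in this diff, so please confirm, and note in a `##` comment above the calls, that it returns a value already escaped for use inside an HTML attribute; otherwise the escaping guarantee of the old lines is lost. Also, the `resubmit` call passes `''` as its fourth argument where the `xback` call passes `$doc.getURL()`. If that argument is the fallback used when the URL is rejected, the form renders with `action=""` and posts back to the current page; consider documenting that choice or not rendering the form in that case. Only one file changes here, so a test that feeds a rejected URL to each parameter would help keep this from regressing.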