RA-1424: escapeJs vulnerable to XSS (#92)

jnsereko · web-flow · commit 35f81901a4cb · 2021-06-23T19:44:22.000-05:00
diff --git a/omod/src/main/webapp/pages/userApp.gsp b/omod/src/main/webapp/pages/userApp.gsp
@@ -43,7 +43,7 @@
                 ${ui.message("referenceapplication.app.appId.label")} (${ ui.message("coreapps.formValidation.messages.requiredField.label") })
             </span>
         </label>
-        <input class="form-control form-control-sm form-control-lg form-control-md required" id="appId-field" type="text" name="appId" value="${userApp.appId ? ui.escapeJs(ui.escapeHtml(userApp.appId)) : ""}" size="80" placeholder="${ ui.message("referenceapplication.app.definition.placeholder") }" />
+        <input class="form-control form-control-sm form-control-lg form-control-md required" id="appId-field" type="text" name="appId" value="${userApp.appId ? ui.encodeJavaScript(ui.escapeHtml(userApp.appId)) : ""}" size="80" placeholder="${ ui.message("referenceapplication.app.definition.placeholder") }" />
         <%}%>
     </p>
     <p>
