author | Vitaly Takmazov | 2016-08-28 18:38:15 +0300 |
committer | Vitaly Takmazov | 2016-08-28 18:38:15 +0300 |
commit | 14f111c2e3f20f563dfbe17181f77bfaa9cd57ef (patch) | |
tree | 6ed744340e137f1112642182e41cbcb8ed030afe /juick-www/src/main/java/com/juick/www/Discover.java | |
parent | 7092b70a8a92fc1fdfaa8a2c54ec7a2037f8790c (diff) |
Tags: should be escaped in db and unescaped in templates
Diffstat (limited to 'juick-www/src/main/java/com/juick/www/Discover.java')
-rw-r--r-- | juick-www/src/main/java/com/juick/www/Discover.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/juick-www/src/main/java/com/juick/www/Discover.java b/juick-www/src/main/java/com/juick/www/Discover.java
index 1954aac9..4fd8c3b6 100644
--- a/juick-www/src/main/java/com/juick/www/Discover.java
+++ b/juick-www/src/main/java/com/juick/www/Discover.java
@@ -20,6 +20,7 @@ package com.juick.www;
 import com.juick.server.AdsQueries;
 import com.juick.server.MessagesQueries;
 import com.juick.server.TagQueries;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.springframework.jdbc.core.JdbcTemplate;
 
 import javax.servlet.ServletException;
@@ -73,7 +74,7 @@ public class Discover {
 
         int visitor_uid = visitor.getUID();
 
-        String title = "*" + Utils.encodeHTML(paramTag.getName());
+        String title = "*" + StringEscapeUtils.escapeHtml4(paramTag.getName());
         List<Integer> mids = MessagesQueries.getTag(sql, paramTag.TID, visitor_uid, paramBefore, (visitor_uid == 0) ? 40 : 20);
 
         response.setContentType("text/html; charset=UTF-8");
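Review bot: The new `title` line escapes `paramTag.getName()` with `escapeHtml4`, but the commit message says tag names are now stored escaped in the DB and unescaped in templates, so if `getName()` returns the stored (already-escaped) value this produces double-escaped output such as `&amp;amp;`, while a template that unescapes `title` would undo the protection entirely; the hunk does not show which one holds, so it is worth stating the contract next to this line, e.g. `// paramTag.getName() is raw text here; escape exactly once for the HTML body`. Note also that `escapeHtml4` escapes `"` but not `'`, so `title` is only safe as element text or inside a double-quoted attribute, not in a single-quoted attribute or a script block. The enclosing method starts and ends outside the hunk, so where `title` is emitted cannot be checked from here.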