authorGravatar Vitaly Takmazov2016-08-28 18:38:15 +0300
committerGravatar Vitaly Takmazov2016-08-28 18:38:15 +0300
commit14f111c2e3f20f563dfbe17181f77bfaa9cd57ef (patch)
tree6ed744340e137f1112642182e41cbcb8ed030afe /juick-www/src/main/java/com/juick/www/Discover.java
parent7092b70a8a92fc1fdfaa8a2c54ec7a2037f8790c (diff)
Tags: should be escaped in db and unescaped in templates
Diffstat (limited to 'juick-www/src/main/java/com/juick/www/Discover.java')
-rw-r--r--juick-www/src/main/java/com/juick/www/Discover.java3
1 files changed, 2 insertions, 1 deletions
diff --git a/juick-www/src/main/java/com/juick/www/Discover.java b/juick-www/src/main/java/com/juick/www/Discover.java
index 1954aac9..4fd8c3b6 100644
--- a/juick-www/src/main/java/com/juick/www/Discover.java
+++ b/juick-www/src/main/java/com/juick/www/Discover.java
@@ -20,6 +20,7 @@ package com.juick.www;
import com.juick.server.AdsQueries;
import com.juick.server.MessagesQueries;
import com.juick.server.TagQueries;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.springframework.jdbc.core.JdbcTemplate;
import javax.servlet.ServletException;
@@ -73,7 +74,7 @@ public class Discover {
int visitor_uid = visitor.getUID();
- String title = "*" + Utils.encodeHTML(paramTag.getName());
+ String title = "*" + StringEscapeUtils.escapeHtml4(paramTag.getName());
List<Integer> mids = MessagesQueries.getTag(sql, paramTag.TID, visitor_uid, paramBefore, (visitor_uid == 0) ? 40 : 20);
response.setContentType("text/html; charset=UTF-8");
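Review bot: On the new `title` line, `StringEscapeUtils.escapeHtml4` leaves the single quote unencoded, so the result is only safe in element content or a double-quoted attribute; where `title` is written into the page is outside this hunk and should be confirmed. The commit title says tag names are stored escaped and rendered unescaped, so if `paramTag.getName()` already returns the stored, escaped form, this call would encode it a second time (`&amp;` becoming `&amp;amp;`). If it returns raw text, this call is the single encoding step, and any template that prints the tag unescaped relies on it. Once the contract is confirmed, I would state it next to the call, for example `// getName() returns raw tag text; HTML-encode exactly once here, for element content only`. The enclosing method starts and ends outside the hunk.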