From 96de014d52595e1e6d35f3dfc367253c65eca75d Mon Sep 17 00:00:00 2001
From: Paulo Gustavo Veiga <pveiga@wisemapping.com>
Date: Wed, 29 Aug 2012 19:42:24 -0300
Subject: [PATCH] Fix Javascript Injection bugs.

---
 wise-webapp/src/main/webapp/js/mindmapList.js | 19 -------------------
 .../src/main/webapp/jsp/mindmapDetail.jsp     |  8 ++++----
 .../src/main/webapp/jsp/mindmapEmbed.jsp      |  4 ++--
 .../src/main/webapp/jsp/mindmapList.jsp       |  2 +-
 .../src/main/webapp/jsp/mindmapPrint.jsp      |  4 ++--
 5 files changed, 9 insertions(+), 28 deletions(-)

diff --git a/wise-webapp/src/main/webapp/js/mindmapList.js b/wise-webapp/src/main/webapp/js/mindmapList.js
index e78f7e7d..fd9815a4 100644
--- a/wise-webapp/src/main/webapp/js/mindmapList.js
+++ b/wise-webapp/src/main/webapp/js/mindmapList.js
@@ -1,22 +1,3 @@
-jQuery.fn.dataTableExt.oSort['es_date-asc'] = function (a, b) {
-    var esDatea = a.split('/');
-    var esDateb = b.split('/');
-
-    var x = (esDatea[2] + esDatea[1] + esDatea[0]) * 1;
-    var y = (esDateb[2] + esDateb[1] + esDateb[0]) * 1;
-
-    return ((x < y) ? -1 : ((x > y) ? 1 : 0));
-};
-
-jQuery.fn.dataTableExt.oSort['es_date-desc'] = function (a, b) {
-    var esDatea = a.split('/');
-    var esDateb = b.split('/');
-
-    var x = (esDatea[2] + esDatea[1] + esDatea[0]) * 1;
-    var y = (esDateb[2] + esDateb[1] + esDateb[0]) * 1;
-
-    return ((x < y) ? 1 : ((x > y) ? -1 : 0));
-};
 
 $.fn.dataTableExt.oApi.fnReloadAjax = function (oSettings, sNewSource, fnCallback, bStandingRedraw) {
     if (typeof sNewSource != 'undefined' && sNewSource != null) {
diff --git a/wise-webapp/src/main/webapp/jsp/mindmapDetail.jsp b/wise-webapp/src/main/webapp/jsp/mindmapDetail.jsp
index 4137a3c3..c0617375 100644
--- a/wise-webapp/src/main/webapp/jsp/mindmapDetail.jsp
+++ b/wise-webapp/src/main/webapp/jsp/mindmapDetail.jsp
@@ -12,12 +12,12 @@
     <div class="tab-content">
         <div class="tab-pane fade active in" id="general">
             <ul class="unstyled">
-                <li><strong><spring:message code="NAME"/>:</strong> ${mindmap.title}</li>
-                <li><strong><spring:message code="DESCRIPTION"/>:</strong> ${mindmap.description}</li>
-                <li><strong><spring:message code="CREATOR"/>:</strong> ${mindmap.creator.fullName}</li>
+                <li><strong><spring:message code="NAME"/>:</strong> <c:out value="${mindmap.title}"/></li>
+                <li><strong><spring:message code="DESCRIPTION"/>:</strong> <c:out value="${mindmap.description}"/></li>
+                <li><strong><spring:message code="CREATOR"/>:</strong> <c:out value="${mindmap.creator.fullName}"/></li>
                 <li><strong><spring:message code="CREATION_TIME"/>:</strong> ${mindmap.creationTime}</li>
                 <li><strong><spring:message code="LAST_UPDATE"/>:</strong> ${mindmap.lastEditTime}</li>
-                <li><strong><spring:message code="LAST_UPDATE_BY"/>:</strong> ${mindmap.lastEditor}</li>
+                <li><strong><spring:message code="LAST_UPDATE_BY"/>:</strong> <c:out value="${mindmap.lastEditor}"/></li>
                 <li><strong> <spring:message code="STARRED"/>:</strong> ${mindmap.starred}</li>
             </ul>
         </div>
diff --git a/wise-webapp/src/main/webapp/jsp/mindmapEmbed.jsp b/wise-webapp/src/main/webapp/jsp/mindmapEmbed.jsp
index 600f56da..4d5c5e6b 100644
--- a/wise-webapp/src/main/webapp/jsp/mindmapEmbed.jsp
+++ b/wise-webapp/src/main/webapp/jsp/mindmapEmbed.jsp
@@ -78,8 +78,8 @@
         <div id="zoomOut" class="button"></div>
 
         <div id="mapDetails">
-            <span class="title"><spring:message code="CREATOR"/>:</span><span>${mindmap.creator.fullName}</span>
-            <span class="title"><spring:message code="DESCRIPTION"/>:</span><span>${mindmap.title}</span>
+            <span class="title"><spring:message code="CREATOR"/>:</span><span><c:out value="${mindmap.creator.fullName}"/></span>
+            <span class="title"><spring:message code="DESCRIPTION"/>:</span><span><c:out value="${mindmap.title}"/></span>
         </div>
     </div>
 </div>
diff --git a/wise-webapp/src/main/webapp/jsp/mindmapList.jsp b/wise-webapp/src/main/webapp/jsp/mindmapList.jsp
index 8bbabc57..75780f40 100644
--- a/wise-webapp/src/main/webapp/jsp/mindmapList.jsp
+++ b/wise-webapp/src/main/webapp/jsp/mindmapList.jsp
@@ -58,7 +58,7 @@
                         bUseRendered:false,
                         mDataProp:"title",
                         fnRender:function (obj) {
-                            return '<a href="c/maps/' + obj.aData.id + '/edit">' + obj.aData.title + '</a>';
+                            return $('<a href="c/maps/' + obj.aData.id + '/edit"></a>').text(obj.aData.title).html();
                         }
                     },
                     {
diff --git a/wise-webapp/src/main/webapp/jsp/mindmapPrint.jsp b/wise-webapp/src/main/webapp/jsp/mindmapPrint.jsp
index 5a2a8143..33280d54 100644
--- a/wise-webapp/src/main/webapp/jsp/mindmapPrint.jsp
+++ b/wise-webapp/src/main/webapp/jsp/mindmapPrint.jsp
@@ -113,8 +113,8 @@
         <div id="zoomIn" class="button"></div>
 
         <div id="mapDetails">
-            <span class="title"><spring:message code="CREATOR"/>:</span><span>${mindmap.creator.fullName}</span>
-            <span class="title"><spring:message code="DESCRIPTION"/>:</span><span>${mindmap.title}</span>
+            <span class="title"><spring:message code="CREATOR"/>:</span><span><c:out value="${mindmap.creator.fullName}"/></span>
+            <span class="title"><spring:message code="DESCRIPTION"/>:</span><span><c:out value="${mindmap.title}"/></span>
         </div>
     </div>
 </div>