Skip to content

Commit 9e0026c

Browse files
mxs2brianchandotcom
mxs2
authored and
brianchandotcom
committed
LPD-56406 Escape Parameter URL in RenderStructureFieldMVCResourceCommand
1 parent 152abaf commit 9e0026c

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

modules/apps/dynamic-data-mapping/dynamic-data-mapping-web/src/main/java/com/liferay/dynamic/data/mapping/web/internal/portlet/action/RenderStructureFieldMVCResourceCommand.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -124,8 +124,8 @@ protected void doServeResource(
124124
private DDMFormField _getDDMFormField(
125125
HttpServletRequest httpServletRequest) {
126126

127-
String definition = ParamUtil.getString(
128-
httpServletRequest, "definition");
127+
String definition = HtmlUtil.escapeAttribute(
128+
ParamUtil.getString(httpServletRequest, "definition"));
129129
String fieldName = ParamUtil.getString(httpServletRequest, "fieldName");
130130

131131
DDMFormDeserializerDeserializeRequest.Builder builder =

0 commit comments

Comments
 (0)