Fixed a possible security vulnerability in IWindow. The window caption string was...

svn changeset:5115/svn branch:trunk

diff --git a/src/com/itmill/toolkit/terminal/gwt/client/ui/IWindow.java b/src/com/itmill/toolkit/terminal/gwt/client/ui/IWindow.java
index 10bfd939bed009a0a54f8a5969cddd23100fbf3b..76c7a9ea81179dce31090529e485cf302a6aa4f9 100644 (file)
--- a/src/com/itmill/toolkit/terminal/gwt/client/ui/IWindow.java
+++ b/src/com/itmill/toolkit/terminal/gwt/client/ui/IWindow.java
@@ -491,7 +491,7 @@ public class IWindow extends PopupPanel implements Paintable, ScrollListener {
     }
 
     public void setCaption(String c, String icon) {
-        String html = c;
+        String html = Util.escapeHTML(c);
         if (icon != null) {
             icon = client.translateToolkitUri(icon);
             html = "<img src=\"" + icon + "\" class=\"i-icon\" />" + html;