Sanitize caption used in Grid header

author Tatu Lund <tatu@vaadin.com>

Mon, 1 Jul 2019 11:36:09 +0000 (14:36 +0300)

committer Zhe Sun <31067185+ZheSun88@users.noreply.github.com>

Tue, 2 Jul 2019 07:58:27 +0000 (10:58 +0300)
author Tatu Lund <tatu@vaadin.com>
Mon, 1 Jul 2019 11:36:09 +0000 (14:36 +0300)
committer Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
Tue, 2 Jul 2019 07:58:27 +0000 (10:58 +0300)
diff --git a/server/src/main/java/com/vaadin/ui/Grid.java b/server/src/main/java/com/vaadin/ui/Grid.java

index c8bdd98b761c25070c6f2e2076b9f131d9cae418..cd188912096f37fb77d0cf9494ae9692af8c5a52 100644 (file)
--- a/server/src/main/java/com/vaadin/ui/Grid.java
+++ b/server/src/main/java/com/vaadin/ui/Grid.java
@@ -38,6 +38,7 @@ import java.util.Set;
  import java.util.logging.Level;
  import java.util.logging.Logger;
  
+import org.jsoup.Jsoup;
  import org.jsoup.nodes.Attributes;
  import org.jsoup.nodes.Element;
  import org.jsoup.select.Elements;
@@ -3424,6 +3425,7 @@ public class Grid extends AbstractFocusable implements SelectionNotifier,
              if (caption == null) {
                  caption = ""; // Render null as empty
              }
+            caption = Jsoup.parse(caption).text();
              state.headerCaption = caption;
  
              HeaderRow row = grid.getHeader().getDefaultRow();
author	Tatu Lund <tatu@vaadin.com>
	Mon, 1 Jul 2019 11:36:09 +0000 (14:36 +0300)
committer	Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
	Tue, 2 Jul 2019 07:58:27 +0000 (10:58 +0300)