diff options
| author | Zhe Sun <31067185+ZheSun88@users.noreply.github.com> | 2019-07-01 14:56:48 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-07-01 14:56:48 +0300 |
| commit | 2584e9ad44fa9135daa405df8cbc9ae7d4a3ee33 (patch) | |
| tree | 8b70bd2812154e89d100a4894f9630f0fcf3fa52 | |
| parent | 35a9c4255f1d46f4aa8e27b26ea2cd25def50ab0 (diff) | |
| download | vaadin-framework-2584e9ad44fa9135daa405df8cbc9ae7d4a3ee33.tar.gz vaadin-framework-2584e9ad44fa9135daa405df8cbc9ae7d4a3ee33.zip | |
Sanitize caption used in Grid header (#11644)
* Sanitize input used in Grid header
| -rw-r--r-- | server/src/main/java/com/vaadin/ui/Grid.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/server/src/main/java/com/vaadin/ui/Grid.java b/server/src/main/java/com/vaadin/ui/Grid.java index d463832119..fa6237a83a 100644 --- a/server/src/main/java/com/vaadin/ui/Grid.java +++ b/server/src/main/java/com/vaadin/ui/Grid.java @@ -38,6 +38,7 @@ import java.util.function.Function; import java.util.stream.Collectors; import java.util.stream.Stream; +import org.jsoup.Jsoup; import org.jsoup.nodes.Attributes; import org.jsoup.nodes.Element; import org.jsoup.select.Elements; @@ -1340,6 +1341,7 @@ public class Grid<T> extends AbstractListing<T> implements HasComponents, */ public Column<T, V> setCaption(String caption) { Objects.requireNonNull(caption, "Header caption can't be null"); + caption = Jsoup.parse(caption).text(); if (caption.equals(getState(false).caption)) { return this; } |