Sanitize caption used in Grid header (#11644)

* Sanitize input used in Grid header
author: Zhe Sun <31067185+ZheSun88@users.noreply.github.com> 2019-07-01 14:56:48 +0300
committer: Zhe Sun <31067185+ZheSun88@users.noreply.github.com> 2019-07-01 15:06:49 +0300
commit: c71417b51ed311adc2353fb88c75bb72c7293a54 (patch)
tree: 1b407b9eca1b2882a7f404c226e2d5274dc9a1b3
parent: daaa16baacd6e9d08d2e8f8388b5a959325a3667 (diff)
download: vaadin-framework-c71417b51ed311adc2353fb88c75bb72c7293a54.tar.gz
vaadin-framework-c71417b51ed311adc2353fb88c75bb72c7293a54.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/server/src/main/java/com/vaadin/ui/Grid.java b/server/src/main/java/com/vaadin/ui/Grid.java
index d463832119..fa6237a83a 100644
--- a/server/src/main/java/com/vaadin/ui/Grid.java
+++ b/server/src/main/java/com/vaadin/ui/Grid.java
@@ -38,6 +38,7 @@ import java.util.function.Function;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import org.jsoup.Jsoup;
 import org.jsoup.nodes.Attributes;
 import org.jsoup.nodes.Element;
 import org.jsoup.select.Elements;
@@ -1340,6 +1341,7 @@ public class Grid<T> extends AbstractListing<T> implements HasComponents,
          */
         public Column<T, V> setCaption(String caption) {
             Objects.requireNonNull(caption, "Header caption can't be null");
+            caption = Jsoup.parse(caption).text();
             if (caption.equals(getState(false).caption)) {
                 return this;
             }
author	Zhe Sun <31067185+ZheSun88@users.noreply.github.com>	2019-07-01 14:56:48 +0300
committer	Zhe Sun <31067185+ZheSun88@users.noreply.github.com>	2019-07-01 15:06:49 +0300
commit	c71417b51ed311adc2353fb88c75bb72c7293a54 (patch)
tree	1b407b9eca1b2882a7f404c226e2d5274dc9a1b3
parent	daaa16baacd6e9d08d2e8f8388b5a959325a3667 (diff)
download	vaadin-framework-c71417b51ed311adc2353fb88c75bb72c7293a54.tar.gz vaadin-framework-c71417b51ed311adc2353fb88c75bb72c7293a54.zip