Sanitize caption used in compatibility Grid header (#12018)

* Sanitize caption used in compatibility Grid header Cherry pick of #11644
author: Anna Koskinen <Ansku@users.noreply.github.com> 2020-05-20 12:13:35 +0300
committer: GitHub <noreply@github.com> 2020-05-20 12:13:35 +0300
commit: 4014f806a139b3bf00f9fc3e807817ac35ba9501 (patch)
tree: 284b371c1772ac6d39d577d843043bd838ab6c57 /compatibility-server
parent: 222705a48b80a23d6cd3f2884367a249a0130638 (diff)
download: vaadin-framework-4014f806a139b3bf00f9fc3e807817ac35ba9501.tar.gz
vaadin-framework-4014f806a139b3bf00f9fc3e807817ac35ba9501.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/compatibility-server/src/main/java/com/vaadin/v7/ui/Grid.java b/compatibility-server/src/main/java/com/vaadin/v7/ui/Grid.java
index 20f7acb074..f67bbb4c3e 100644
--- a/compatibility-server/src/main/java/com/vaadin/v7/ui/Grid.java
+++ b/compatibility-server/src/main/java/com/vaadin/v7/ui/Grid.java
@@ -38,6 +38,7 @@ import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import org.jsoup.Jsoup;
 import org.jsoup.nodes.Attributes;
 import org.jsoup.nodes.Element;
 import org.jsoup.select.Elements;
@@ -3473,6 +3474,7 @@ public class Grid extends AbstractComponent
             if (caption == null) {
                 caption = ""; // Render null as empty
             }
+            caption = Jsoup.parse(caption).text();
             state.headerCaption = caption;
 
             HeaderRow row = grid.getHeader().getDefaultRow();
author	Anna Koskinen <Ansku@users.noreply.github.com>	2020-05-20 12:13:35 +0300
committer	GitHub <noreply@github.com>	2020-05-20 12:13:35 +0300
commit	4014f806a139b3bf00f9fc3e807817ac35ba9501 (patch)
tree	284b371c1772ac6d39d577d843043bd838ab6c57 /compatibility-server
parent	222705a48b80a23d6cd3f2884367a249a0130638 (diff)
download	vaadin-framework-4014f806a139b3bf00f9fc3e807817ac35ba9501.tar.gz vaadin-framework-4014f806a139b3bf00f9fc3e807817ac35ba9501.zip