htmlエスケープ追加

フォームはデフォで全てエスケープ(バリデートエラー時の再表示)。
変数は個別指定。

diff --git a/src/jp/sourceforge/rabbitBTS/models/Account.java b/src/jp/sourceforge/rabbitBTS/models/Account.java
index e71cf13..9453a89 100644 (file)
--- a/src/jp/sourceforge/rabbitBTS/models/Account.java
+++ b/src/jp/sourceforge/rabbitBTS/models/Account.java
@@ -41,7 +41,8 @@ public class Account {
        @Persistent
        @NotBlank
        @NotNull
-       @Length(max = 50)
+       @Length(max = 10)
+       // TODO: 短い
        private String nickName;
 
        /**

diff --git a/war/WEB-INF/views/bbs/index.ftl b/war/WEB-INF/views/bbs/index.ftl
index 2a94583..c4b24a2 100644 (file)
--- a/war/WEB-INF/views/bbs/index.ftl
+++ b/war/WEB-INF/views/bbs/index.ftl
@@ -6,8 +6,8 @@
 <tr><th>投稿者</th><th>内容</th><th>時刻</th></tr>
 [#list posts as g]
 <tr>
-<td>${g.author.nickName }</td>
-<td>${g.content }</td>
+<td>${g.author.nickName?html }</td>
+<td>${g.content?html }</td>
 <td>${g.date?datetime }</td>
 </tr>
 [/#list]

diff --git a/war/WEB-INF/views/bbs/postEdit.ftl b/war/WEB-INF/views/bbs/postEdit.ftl
index e93a8b4..6cbd3b3 100644 (file)
--- a/war/WEB-INF/views/bbs/postEdit.ftl
+++ b/war/WEB-INF/views/bbs/postEdit.ftl
@@ -5,9 +5,8 @@
 <h1>BBS 投稿</h1>
 <p>内容を入力し 投稿するボタン を押下してください。</p>
 <p>投稿内容は即座に反映されますのでご注意ください。</p>
-[#--[@spring.bind "bbsPost.content" /]--]
 <form action="postEdit.html" method="post">
-[@spring.formTextarea "bbsPost.content" /]
+[@spring.formTextarea "bbsPost.content" "rows='4' cols='20'" /]
 [@spring.showErrors "<br />", "err" /]
 <input type="submit" value="投稿する" />
 </form>

diff --git a/war/WEB-INF/views/common/head.ftl b/war/WEB-INF/views/common/head.ftl
index 8539505..0bfd2f1 100644 (file)
--- a/war/WEB-INF/views/common/head.ftl
+++ b/war/WEB-INF/views/common/head.ftl
@@ -1,11 +1,13 @@
 [#ftl]
 [#import "/spring.ftl" as spring /]
+[#assign htmlEscape = true in spring /]
+[#assign xhtmlCompliant = true in spring /]
 
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<title>[Rabbit BTS] ${title}</title>
+<title>[Rabbit BTS] ${title?html}</title>
 <link href="/st/common.css" rel="stylesheet" type="text/css" />
 </head>
 <body>
@@ -16,10 +18,10 @@
        <img id="logo" src="http://www.logomaker.com/logo-images/c413a03c56b71ec0.gif" alt="Rabbit BTS logo" />
        </a>
        <div class="headMenu">
-               <p class="title">${title}</p>
+               <p class="title">${title?html}</p>
                
                [#if acc??]
-               <a href="/home/">${acc.nickName}</a>でログイン中(<a href="${logouturl}">ログアウト</a>)
+               <a href="/home/">${acc.nickName?html}</a>でログイン中(<a href="${logouturl}">ログアウト</a>)
                [#else]
                <a href="http://www.businesslogos.com"><img src="http://www.logomaker.com/images/logos.gif" alt="logos" border="0"/></a>
                <a href="${loginurl}">ログイン</a>または<a href="/register/">新規登録</a>

diff --git a/war/WEB-INF/views/register/index.ftl b/war/WEB-INF/views/register/index.ftl
index 64ba1b4..8a98e30 100644 (file)
--- a/war/WEB-INF/views/register/index.ftl
+++ b/war/WEB-INF/views/register/index.ftl
@@ -6,12 +6,15 @@
 
 <form action="" method="post">
 <ul>
-<li>ニックネーム[@spring.formInput "account.nickName" /]</li>
+<li>ニックネーム
+[@spring.formInput "account.nickName" /]
 [@spring.showErrors "<br />", "err" /]
+</li>
 
-<li>自己紹介[@spring.formTextarea "account.bio" /]</li>
+<li>自己紹介[@spring.formTextarea "account.bio" "rows='4' cols='20'" /]
 [@spring.showErrors "<br />", "err" /]
-
+</li>
 <li><input type="submit" value="登録" /></li>
+</ul>
 </form>
 [#include "/common/foot.ftl"]
\ No newline at end of file