#58992 #3. XSS（保存型）の影響を受ける可能性がある

53b801df · Kim Gyeongeun · fb780ee2 · 53b801df · 53b801df
Commit 53b801df authored May 13, 2024 by Kim Gyeongeun
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 4 deletions

src/main/webapp/WEB-INF/view/admin/member/memberList.html
+2 -2

src/main/webapp/WEB-INF/view/admin/setting/adminRegist.html
+3 -2

No files found.
--- a/src/main/webapp/WEB-INF/view/admin/member/memberList.html
+++ b/src/main/webapp/WEB-INF/view/admin/member/memberList.html
@@ -58,9 +58,9 @@
 #foreach($member in $memberList)
 	<tr  #if($velocityCount % 2 == 0) class="white dot_line" #else class="gray" #end>
 <td><a href="#q('/admin/member/memberEdit?memberId=')${member.memberId}">$!member.memberId</a></td>
-<td>$!member.loginId</td>
+<td>#he($!member.loginId)</td>
 <td>$!escape.html($!member.name1) $!escape.html($!member.name2)</td>
-<td>$!member.mail</td>
+<td>#he($!member.mail)</td>
 ##<td>$!member.birthDay</td>
 <td class="t_center">$!tools.addSlashDate($!member.birthDay)</td>
 <td>$!escape.html($!member.address1) $!escape.html($!member.address2)</td>

--- a/src/main/webapp/WEB-INF/view/admin/setting/adminRegist.html
+++ b/src/main/webapp/WEB-INF/view/admin/setting/adminRegist.html
@@ -7,8 +7,9 @@
 <script language="JavaScript" type="text/JavaScript">
    <!--
-	function goAdminList(){
+    function goAdminList(){
-		location.href="#q('/admin/setting/adminSearch/search/')${pageNo}";
+    	var adminListPageNo = '#he("$!{pageNo}")';
+		location.href="#q('/admin/setting/adminSearch/search/')" + adminListPageNo;
 	}
    -->
 </script>