add escaping on some places

1 files changed, 19 insertions, 1 deletions

diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index 0c07ad3fb..901dbae53 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -77,13 +77,31 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 	 * @param key velocity context key
 	 * @param value of this key
 	 */
-	public void putCustomParameter(String key, Object value) {
+	public void putCustomParameterWithOutEscaption(String key, Object value) {
 		if (customParameters == null)
 			customParameters = new HashMap<String, Object>();
 		
 		customParameters.put(key, value);
 	}
 	
+	/**
+	 * Add a key/value pair into Velocity context.<br>
+	 * All parameters get escaped internally
+	 * 
+	 * @param key velocity context key
+	 * @param value of this key
+	 */
+	public void putCustomParameter(String key, Object value) {
+		if (customParameters == null)
+			customParameters = new HashMap<String, Object>();
+		
+		if (value instanceof String)
+			customParameters.put(key, StringEscapeUtils.escapeHtml((String)value));
+		else
+			customParameters.put(key, StringEscapeUtils.escapeHtml(value.toString()));
+		
+	}
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
 	 */