From fc20f21306feed3d75e4766018b1681e464cbac5 Mon Sep 17 00:00:00 2001 From: dkayiwa Date: Fri, 20 Dec 2024 14:54:07 +0300 Subject: [PATCH] Unescape XSS escaped address layout template --- .../main/java/org/openmrs/layout/address/AddressSupport.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/api/src/main/java/org/openmrs/layout/address/AddressSupport.java b/api/src/main/java/org/openmrs/layout/address/AddressSupport.java index b36e478306b9..4ec8425ad6b1 100644 --- a/api/src/main/java/org/openmrs/layout/address/AddressSupport.java +++ b/api/src/main/java/org/openmrs/layout/address/AddressSupport.java @@ -12,6 +12,7 @@ import java.util.ArrayList; import java.util.List; +import org.apache.commons.lang.StringEscapeUtils import org.openmrs.GlobalProperty; import org.openmrs.api.GlobalPropertyListener; import org.openmrs.api.context.Context; @@ -56,7 +57,7 @@ private void init() { String layoutTemplateXml = Context.getAdministrationService().getGlobalProperty( OpenmrsConstants.GLOBAL_PROPERTY_ADDRESS_TEMPLATE); - setAddressTemplate(layoutTemplateXml); + setAddressTemplate(StringEscapeUtils.unescapeXml(layoutTemplateXml)); List specialTokens = new ArrayList<>(); specialTokens.add("address1");