XSS prevention

Author: jpenren

src/main/java/org/thymeleaf/dialect/springdata/util/PageUtils.java

@@ -6,8 +6,8 @@
 import static org.thymeleaf.dialect.springdata.util.Strings.EQ;
 import static org.thymeleaf.dialect.springdata.util.Strings.PAGE;
 import static org.thymeleaf.dialect.springdata.util.Strings.Q_MARK;
-import static org.thymeleaf.dialect.springdata.util.Strings.SORT;
 import static org.thymeleaf.dialect.springdata.util.Strings.SIZE;
+import static org.thymeleaf.dialect.springdata.util.Strings.SORT;
 
 import java.util.Arrays;
 import java.util.Collection;
@@ -31,6 +31,7 @@
 import org.thymeleaf.standard.expression.IStandardExpression;
 import org.thymeleaf.standard.expression.IStandardExpressionParser;
 import org.thymeleaf.standard.expression.StandardExpressions;
+import org.unbescape.html.HtmlEscape;
 
 @SuppressWarnings("unchecked")
 public final class PageUtils {
@@ -166,16 +167,17 @@ private static String buildBaseUrl(final ITemplateContext context, Collection<St
 	        		Collection<String> paramValues = Arrays.asList(values);
 	        		Iterator<String> it = paramValues.iterator();
 	        		while ( it.hasNext() ) {
-						String value = it.next();
+	        			String value = it.next();
 						builder.append(name).append(EQ).append(value);
 						if( it.hasNext() ){
 							builder.append(AND);
 						}
 					}
 	        	}
 			}
-
-	        return builder.toString();
+	        
+	        //Escape to HTML content
+	        return HtmlEscape.escapeHtml4Xml( builder.toString() );
 		}
 
 		return url==null ? EMPTY : url;