3.1.1.8 Resolve Manage Patient Identifier Sources from XSS attack (#123)

* 3.1.1.8 Resolve Manage Patient Identifier Sources from XSS attack

* add firstIdentifierBase

* keep it consistent

* making sure display is also covered

* remove already existing file

* match method to where is being used

* renaming method

omod/src/main/webapp/editIdentifierSource.jsp

@@ -6,6 +6,21 @@
 <%@ include file="/WEB-INF/template/header.jsp"%>
 <%@ include file="localHeader.jsp"%>
 
+<script type="text/javascript">
+function sanitizeAndSubmit() {
+	const baseCharacterSet = document.getElementById('baseCharacterSet');
+	const prefix = document.getElementById('prefix');
+	const suffix = document.getElementById('suffix');
+	const firstIdentifierBase = document.getElementById('firstIdentifierBase');
+
+	baseCharacterSet.value=html_sanitize(baseCharacterSet.value);
+	prefix.value=html_sanitize(prefix.value);
+	suffix.value=html_sanitize(suffix.value);
+	firstIdentifierBase.value=html_sanitize(firstIdentifierBase.value);
+	return true;
+}
+</script>
+
 <style>
 	.requiredField {font-weight:bold; color:red;}
 </style>
@@ -22,7 +37,7 @@
 	<spring:message code="idgen.general.for"/> <c:out value='${source.identifierType.name}'/>
 </h3>
 
-<frm:form modelAttribute="source" method="post" action="saveIdentifierSource.form">
+<frm:form modelAttribute="source" method="post" action="saveIdentifierSource.form" onsubmit="return sanitizeAndSubmit()">
 	<frm:errors path="*" cssClass="error"/><br/>
 	<table>
 		<tr>
@@ -69,12 +84,12 @@
 					<span class="requiredField">*</span>
 					<spring:message code="idgen.baseCharacterSet" />:
 				</th>
-				<td><frm:input path="baseCharacterSet" size="80" /><frm:errors path="baseCharacterSet" cssClass="error" /></td>
+				<td><frm:input id="baseCharacterSet" path="baseCharacterSet" size="80" /><frm:errors path="baseCharacterSet" cssClass="error" /></td>
 			</tr>
 			<tr>
 				<th align="right" valign="top">
 					<span class="requiredField">*</span>
-					<spring:message code="idgen.firstIdentifierBase" />:
+					<spring:message id="baseCharacterSet" code="idgen.firstIdentifierBase" />:
 				</th>
 				<td>
 					<c:choose>
@@ -84,18 +99,18 @@
 							<spring:message code="idgen.inUseUnableToModify" />
 						</c:when>
 						<c:otherwise>
-							<frm:input path="firstIdentifierBase" size="20" /><frm:errors path="firstIdentifierBase" cssClass="error" />
+							<frm:input id="firstIdentifierBase" path="firstIdentifierBase" size="20" /><frm:errors path="firstIdentifierBase" cssClass="error" />
 						</c:otherwise>
 					</c:choose>
 				</td>
 			</tr>
 			<tr>
 				<th align="right"><spring:message code="idgen.prefix" />:</th>
-				<td><frm:input path="prefix" size="10" /><frm:errors path="prefix" cssClass="error" /></td>
+				<td><frm:input id="prefix" path="prefix" size="10" /><frm:errors path="prefix" cssClass="error" /></td>
 			</tr>
 			<tr>
 				<th align="right"><spring:message code="idgen.suffix" />:</th>
-				<td><frm:input path="suffix" size="10" /><frm:errors path="suffix" cssClass="error" /></td>
+				<td><frm:input id="suffix" path="suffix" size="10" /><frm:errors path="suffix" cssClass="error" /></td>
 			</tr>
 			<tr>
 				<th align="right"><spring:message code="idgen.minLength" />:</th>

omod/src/main/webapp/viewIdentifierSource.jsp

@@ -52,19 +52,19 @@
 	<table id="sourceTable">
 		<tr>
 			<th><spring:message code="idgen.baseCharacterSet"/>:</th>
-			<td>${source.baseCharacterSet}</td>
+			<td><c:out value='${source.baseCharacterSet}'/></td>
 		</tr>
 		<tr>
 			<th><spring:message code="idgen.firstIdentifierBase"/>:</th>
-			<td>${source.firstIdentifierBase}</td>
+			<td><c:out value='${source.firstIdentifierBase}'/></td>
 		</tr>
 		<tr>
 			<th><spring:message code="idgen.prefix"/>:</th>
-			<td>${source.prefix}</td>
+			<td><c:out value='${source.prefix}'/></td>
 		</tr>
 		<tr>
 			<th><spring:message code="idgen.suffix"/>:</th>
-			<td>${source.suffix}</td>
+			<td>$<c:out value='{source.suffix}'/></td>
 		</tr>
 		<tr>
 			<th><spring:message code="idgen.minLength"/>:</th>