DO NOT REPLY [Bug 23864] New: - html radio tag, value attribute, special characters < > "

[bu...@apache.org]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23864>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23864

html radio tag, value attribute,  special characters < > "

           Summary: html radio tag, value attribute,  special characters < >
                    "
           Product: Struts
           Version: 1.1 Beta 1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Custom Tags
        AssignedTo: struts-dev@jakarta.apache.org
        ReportedBy: hchen14@ford.com
                CC: hchen14@ford.com


We noticed that a string value containing html sensitive characters, such as < 
> & " etc., is not filtered / escaped for html:radio tag (the value of the 
radio input). This cause the resulting html page to break, as in the following 
browser view -

[radio box here] " checked="checked"> Blue

User should see this - 

[radio box here] Blue

After looking at the taglib source code, we know that HiddenTag, OptionsTag, 
TextareaTag, TextTag, etc, do escape the special characters, using 
ResponseUtils.filter method.

However, RadioTag, CheckboxTag do not.

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-dev-help@jakarta.apache.org