Posted to commits@wicket.apache.org by "Sven Meier (JIRA)" <ji...@apache.org> on 2016/05/20 11:07:12 UTC

[jira] [Assigned] (WICKET-6155) Newline in ModalWindow title

     [ https://issues.apache.org/jira/browse/WICKET-6155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sven Meier reassigned WICKET-6155:
----------------------------------

    Assignee: Sven Meier

> Newline in ModalWindow title 
> -----------------------------
>
>                 Key: WICKET-6155
>                 URL: https://issues.apache.org/jira/browse/WICKET-6155
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-extensions
>    Affects Versions: 6.22.0
>            Reporter: Ramon van Sparrentak
>            Assignee: Sven Meier
>            Priority: Minor
>
> Setting a newline (\n) in the title of ModalWindow crashes, because the newline is used unescaped in JavaScript (only HTML is escaped) and breaks the generated string literal.
> Reproduction steps:
> Create the modal-window example project.
> Change the title:
>  
>     add(modal1 = new ModalWindow("modal1"));
>     modal1.setTitle("modal title\n with newline");
> Start the application and open the modal window.
>     Exception evaluating javascript: SyntaxError: unterminated string literal, text: (function(){var settings = new Object();
>     ...
>     settings.cookieId="modal-1";
>     settings.title="modal title
>  with newline";
>     ...
> Note that the newline ends up unescaped. The string literal generation code is in getWindowOpenJavaScript#getWindowOpenJavaScript()
>     String title = getTitle() != null ? getTitle().getObject() : null;
>     if (title != null)
>     {
>         String escaped = getDefaultModelObjectAsString(title);
>         appendAssignment(buffer, "settings.title", escaped);
>     }
> getDefaultModelObjectAsString does escape HTML (if flag is set), but does not escape the JavaScript.
> Perhaps #appendAssignment() should escape the value?
> Same for the characters \ and \r



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
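
The failure described in the report and the escaping it asks for, as an added example that is not Wicket's code: `buildSettingsScript`, `escapeJsString` and `evaluate` are hypothetical names, and the sample titles are constructed. It goes slightly beyond the report by also escaping `"` and U+2028/U+2029.

```javascript
// Added example. None of these functions are Wicket APIs (hypothetical names).

// Mirrors the pattern from the report: the value is placed between double
// quotes, optionally after passing through an escape function.
function buildSettingsScript(title, escape) {
  const value = escape ? escape(title) : title;
  return '(function(){var settings = new Object();\n' +
         'settings.title="' + value + '";\n' +
         'return settings.title;})()';
}

// Escape a value for use inside a double-quoted JavaScript string literal.
function escapeJsString(s) {
  return s.replace(/[\\"\n\r\u2028\u2029]/g, (ch) => {
    switch (ch) {
      case '\\': return '\\\\';
      case '"': return '\\"';
      case '\n': return '\\n';
      case '\r': return '\\r';
      default:
        // U+2028/U+2029 end a string literal in engines older than ES2019.
        return '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0');
    }
  });
}

// Parse and run a generated script; report a parse failure instead of throwing.
function evaluate(script) {
  try {
    return { ok: true, value: new Function('return ' + script)() };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed sample titles: the one from the report, then a backslash case.
for (const title of ['modal title\n with newline', 'a\\nb']) {
  const raw = evaluate(buildSettingsScript(title));
  const fixed = evaluate(buildSettingsScript(title, escapeJsString));
  console.log(JSON.stringify(title),
              'unescaped:', raw.ok ? JSON.stringify(raw.value) : raw.error,
              'escaped round-trips:', fixed.ok && fixed.value === title);
}
```

The second sample shows why `\` needs escaping even though it does not break parsing: the unescaped script evaluates, but the title silently changes.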