Posted to commits@wicket.apache.org by "Igor Vaynberg (JIRA)" <ji...@apache.org> on 2009/11/30 17:09:20 UTC
[jira] Updated: (WICKET-2484) CLONE -Improper HTML escaping for most wicket components and extensions
[ https://issues.apache.org/jira/browse/WICKET-2484?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Igor Vaynberg updated WICKET-2484:
----------------------------------
Fix Version/s: (was: 1.4-RC1)
> CLONE -Improper HTML escaping for most wicket components and extensions
> -----------------------------------------------------------------------
>
> Key: WICKET-2484
> URL: https://issues.apache.org/jira/browse/WICKET-2484
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-final
> Environment: Web Browser ... :-)
> Reporter: Frank Klein Koerkamp
> Assignee: Igor Vaynberg
>
> /*All text based components use a central function to escape html markup probably contained in the text.
> This is good style but the used method Strings.escapeMarkup() does not fulfill its contract.
> It does NOT escape all input but instead GUESSES and so it does not escape the String "&#" because it assumes
> an entity.
> That means it is not possible to display data which looks like a numeric entity.
> This utility method should not guess about its input but escape blindly.
> If an entity should be "tunnelled through", there should be some kind of attributation.
> Using the current code it's not possible to have a text value of e.g. '' getting properly stored and displayed
> as exactly these 5 chars.
> (Try it at http://wicketstuff.org/wicket13/compref/?wicket:interface=:0:::: )*/
> This change is giving us problems; we often use ' ' in our property files. We use this to show a space or things like it. With updating to 1.4 we see that the code is shown instead of the space.
> If this is not fixed, how can we work around it?
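The difference between an escaper that guesses and one that escapes blindly, as described in the quoted report, shown as an added example. This is not Wicket's source code: the class and method names are hypothetical and the sample strings are constructed.

```java
// Added illustration, not Wicket's source. Class and method names are hypothetical.
public class EscapeDemo {

    // Escaper that guesses: an '&' directly followed by '#' is assumed to start
    // a numeric entity and is passed through unescaped.
    static String escapeGuessing(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean looksLikeEntity = c == '&' && i + 1 < s.length() && s.charAt(i + 1) == '#';
            if (looksLikeEntity) {
                out.append(c);
            } else {
                appendEscaped(out, c);
            }
        }
        return out.toString();
    }

    // Escaper that never guesses: every markup-significant character is encoded.
    static String escapeBlind(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            appendEscaped(out, s.charAt(i));
        }
        return out.toString();
    }

    private static void appendEscaped(StringBuilder out, char c) {
        switch (c) {
            case '&': out.append("&amp;"); break;
            case '<': out.append("&lt;"); break;
            case '>': out.append("&gt;"); break;
            case '"': out.append("&quot;"); break;
            case '\'': out.append("&#039;"); break;
            default: out.append(c);
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: text that looks like a numeric entity, and plain markup.
        String[] samples = { "&#182;", "a &#60;b&#62; tag", "<b>&</b>" };
        for (String s : samples) {
            System.out.println("input    : " + s);
            System.out.println("guessing : " + escapeGuessing(s));
            System.out.println("blind    : " + escapeBlind(s));
        }
    }
}
```

A browser renders the guessing escaper's output for `&#182;` as a single pilcrow character, so the stored text cannot be displayed as typed. The blind escaper emits `&amp;#182;`, which displays the original characters and also shows entity text from a properties file literally.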