You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tapestry.apache.org by "Volker Lamp (Jira)" <ji...@apache.org> on 2022/06/10 10:07:00 UTC

[jira] [Reopened] (TAP5-2725) Lack of HTML escaping in validation error message

     [ https://issues.apache.org/jira/browse/TAP5-2725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Volker Lamp reopened TAP5-2725:
-------------------------------

This issue was fixed using {{StringEscapeUtils}} from {{commons-lang3}} which is available in the compile classpath as a transitive dependency via {{commons-codec}}.

However, to avoid {{ClassNotFoundException}}s for users of {{tapestry-core}} at runtime, an {{api}} dependency to {{commons-lang3}} should be added.

> Lack of HTML escaping in validation error message
> -------------------------------------------------
>
>                 Key: TAP5-2725
>                 URL: https://issues.apache.org/jira/browse/TAP5-2725
>             Project: Tapestry 5
>          Issue Type: Improvement
>          Components: tapestry-core
>            Reporter: Thiago Henrique De Paula Figueiredo
>            Assignee: Thiago Henrique De Paula Figueiredo
>            Priority: Major
>             Fix For: 5.8.2
>
>
> The error messages in form field components are supposed to not have inline styles, so HTML should be escaped on them.
> Old description:
> -For almost all, if not all, validation error messages from Tapestry form field components, the value isn't shown, just the field name. DateField shows the value, so it must be changed to be consistent with the others.-
> -Notice this changes how the {{core-date-value-not-parseable}} message is used. The en, es, fr, it and pt_BR localizations were already updated in this ticket.-



--
This message was sent by Atlassian Jira
(v8.20.7#820007)