You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Frank Bille Jensen (JIRA)" <ji...@apache.org> on 2008/04/02 22:03:28 UTC
[jira] Updated: (WICKET-1311) Improper HTML escaping for most
wicket components and extensions
[ https://issues.apache.org/jira/browse/WICKET-1311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Frank Bille Jensen updated WICKET-1311:
---------------------------------------
Fix Version/s: (was: 1.3.3)
1.3.4
> Improper HTML escaping for most wicket components and extensions
> ----------------------------------------------------------------
>
> Key: WICKET-1311
> URL: https://issues.apache.org/jira/browse/WICKET-1311
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-final
> Environment: Web Browser ... :-)
> Reporter: Carsten
> Assignee: Igor Vaynberg
> Fix For: 1.3.4
>
>
> All text based components use a central function to escape html markup probably contained in the text.
> This is good style but the used method Strings.escapeMarkup() does not fullfill its contract.
> It does NOT escape all input but instead GUESSES and so it does not escape the String "&#" because it assumes
> an entity.
> That means it is not possible to display data which looks like a numeric entity.
> This utility method should not guess about it's input but escape blindly.
> If an entity should be "tunnelled through", there should be some kind of attributation.
> Using the current code it's not possible to have a text value of e.g. '' getting properly stored and displayed
> as exactly these 5 chars.
> (Try it at http://wicketstuff.org/wicket13/compref/?wicket:interface=:0:::: )
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.