[
https://issues.apache.org/jira/browse/WICKET-1311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Johan Compagner updated WICKET-1311:
------------------------------------
Fix Version/s: 1.3.3
Assignee: Igor Vaynberg
> Improper HTML escaping for most wicket components and extensions
> ----------------------------------------------------------------
>
> Key: WICKET-1311
> URL: https://issues.apache.org/jira/browse/WICKET-1311
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-final
> Environment: Web Browser ... :-)
> Reporter: Carsten
> Assignee: Igor Vaynberg
> Fix For: 1.3.3
>
>
> All text based components use a central function to escape html markup
> probably contained in the text.
> This is good style but the used method Strings.escapeMarkup() does not
> fullfill its contract.
> It does NOT escape all input but instead GUESSES and so it does not escape
> the String "&#" because it assumes
> an entity.
> That means it is not possible to display data which looks like a numeric
> entity.
> This utility method should not guess about it's input but escape blindly.
> If an entity should be "tunnelled through", there should be some kind of
> attributation.
> Using the current code it's not possible to have a text value of e.g. ''
> getting properly stored and displayed
> as exactly these 5 chars.
> (Try it at http://wicketstuff.org/wicket13/compref/?wicket:interface=:0:::: )
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
