[
https://issues.apache.org/jira/browse/WICKET-2484?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Frank Klein Koerkamp updated WICKET-2484:
-----------------------------------------
Description:
/*All text based components use a central function to escape html markup
probably contained in the text.
This is good style but the used method Strings.escapeMarkup() does not fullfill
its contract.
It does NOT escape all input but instead GUESSES and so it does not escape the
String "&#" because it assumes
an entity.
That means it is not possible to display data which looks like a numeric entity.
This utility method should not guess about it's input but escape blindly.
If an entity should be "tunnelled through", there should be some kind of
attributation.
Using the current code it's not possible to have a text value of e.g. ''
getting properly stored and displayed
as exactly these 5 chars.
(Try it at http://wicketstuff.org/wicket13/compref/?wicket:interface=:0:::: )*/
This change is given us problems we often use ' ' in our propery files. We
use this to show a space or things like it. With updating to 1.4 we see that
the code is shown instead of the space.
If this is not fixed, how can we work around it.
was:
All text based components use a central function to escape html markup probably
contained in the text.
This is good style but the used method Strings.escapeMarkup() does not fullfill
its contract.
It does NOT escape all input but instead GUESSES and so it does not escape the
String "&#" because it assumes
an entity.
That means it is not possible to display data which looks like a numeric entity.
This utility method should not guess about it's input but escape blindly.
If an entity should be "tunnelled through", there should be some kind of
attributation.
Using the current code it's not possible to have a text value of e.g. ''
getting properly stored and displayed
as exactly these 5 chars.
(Try it at http://wicketstuff.org/wicket13/compref/?wicket:interface=:0:::: )
> CLONE -Improper HTML escaping for most wicket components and extensions
> -----------------------------------------------------------------------
>
> Key: WICKET-2484
> URL: https://issues.apache.org/jira/browse/WICKET-2484
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-final
> Environment: Web Browser ... :-)
> Reporter: Frank Klein Koerkamp
> Assignee: Igor Vaynberg
> Fix For: 1.4-RC1
>
>
> /*All text based components use a central function to escape html markup
> probably contained in the text.
> This is good style but the used method Strings.escapeMarkup() does not
> fullfill its contract.
> It does NOT escape all input but instead GUESSES and so it does not escape
> the String "&#" because it assumes
> an entity.
> That means it is not possible to display data which looks like a numeric
> entity.
> This utility method should not guess about it's input but escape blindly.
> If an entity should be "tunnelled through", there should be some kind of
> attributation.
> Using the current code it's not possible to have a text value of e.g. ''
> getting properly stored and displayed
> as exactly these 5 chars.
> (Try it at http://wicketstuff.org/wicket13/compref/?wicket:interface=:0::::
> )*/
> This change is given us problems we often use ' ' in our propery files.
> We use this to show a space or things like it. With updating to 1.4 we see
> that the code is shown instead of the space.
> If this is not fixed, how can we work around it.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
