[jira] Commented: (WICKET-2484) CLONE -Improper HTML escaping for most wicket components and extensions

Sat, 26 Sep 2009 09:47:54 -0700 

    [ 
https://issues.apache.org/jira/browse/WICKET-2484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12759866#action_12759866
 ] 

Juergen Donnerstag commented on WICKET-2484:
--------------------------------------------

Please provide a more detailed example (testcase or quickstart). Potentially 
the problem can be solved via UTF-8 encoded properties files which we now 
support (see http://issues.apache.org/jira/browse/WICKET-2451). XML properties 
files with encoding are support as well.

> CLONE -Improper HTML escaping for most wicket components and extensions
> -----------------------------------------------------------------------
>
>                 Key: WICKET-2484
>                 URL: https://issues.apache.org/jira/browse/WICKET-2484
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.3.0-final
>         Environment: Web Browser ... :-)
>            Reporter: Frank Klein Koerkamp
>            Assignee: Igor Vaynberg
>             Fix For: 1.4-RC1
>
>
> /*All text based components use a central function to escape html markup 
> probably contained in the text.
> This is good style but the used method Strings.escapeMarkup() does not 
> fullfill its contract.
> It does NOT escape all input but instead GUESSES and so it does not escape 
> the String "&#" because it assumes
> an entity.
> That means it is not possible to display data which looks like a numeric 
> entity.
> This utility method should not guess about it's input but escape blindly.
> If an entity should be "tunnelled through", there should be some kind of 
> attributation.
> Using the current code it's not possible to have a text value of e.g. '' 
> getting properly stored and displayed
> as exactly these 5 chars.
> (Try it at  http://wicketstuff.org/wicket13/compref/?wicket:interface=:0:::: 
> )*/
> This change is given us problems we often use ' ' in our propery files. 
> We use this to show a space or things like it. With updating to 1.4 we see 
> that the code is shown instead of the space.
> If this is not fixed, how can we work around it. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to