input is not escaped in validation errors 
------------------------------------------

                 Key: WICKET-3946
                 URL: https://issues.apache.org/jira/browse/WICKET-3946
             Project: Wicket
          Issue Type: Bug
          Components: wicket-core
    Affects Versions: 1.4.17
            Reporter: Mikhail Fedko


Hi,

When I add TextField<Integer>("field", Model.of(0), Integer.class)
and enter something like <script>alert('XSS')</script> into the field, the input
is not escaped; I just get
'' is not a valid Integer. + alert

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
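
The behaviour described in the report, as an added example that is not part of the original message and not Wicket's own code: a validation message template with the submitted value substituted raw, then HTML-escaped at substitution time. The template string, the class name, and the `render` and `escapeHtml` helpers are assumptions made for illustration.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ValidationMessageEscaping {
    // Constructed template, modeled on the message quoted in the report.
    static final String TEMPLATE = "'${input}' is not a valid ${type}.";
    static final Pattern VAR = Pattern.compile("\\$\\{(\\w+)\\}");

    // Escapes the characters that are significant in HTML text and attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Single pass over the trusted template, so a submitted value that itself
    // contains "${...}" is never expanded a second time.
    static String render(String template, Map<String, String> vars, boolean escape) {
        Matcher m = VAR.matcher(template);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String value = vars.getOrDefault(m.group(1), "");
            if (escape) value = escapeHtml(value);
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: the field value from the report and the target type.
        Map<String, String> vars = Map.of(
            "input", "<script>alert('XSS')</script>",
            "type", "Integer");
        System.out.println("unescaped: " + render(TEMPLATE, vars, false));
        System.out.println("escaped:   " + render(TEMPLATE, vars, true));
    }
}
```

Only the substituted values are escaped; the template is treated as trusted markup-free text, so its own quote characters pass through unchanged.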

        
