[jira] [Commented] (WICKET-3946) input is not escaped in validation errors

Pedro Santos (JIRA) Thu, 04 Aug 2011 20:13:59 -0700

    [ 
https://issues.apache.org/jira/browse/WICKET-3946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13079773#comment-13079773
 ]


Pedro Santos commented on WICKET-3946:
--------------------------------------

I can't reproduce the problem here neither.

> input is not escaped in validation errors 
> ------------------------------------------
>
>                 Key: WICKET-3946
>                 URL: https://issues.apache.org/jira/browse/WICKET-3946
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-core
>    Affects Versions: 1.4.17
>            Reporter: Mikhail Fedko
>         Attachments: wicket-3946.tgz
>
>
> hi,
> when I add TextField<Integer>("field", Model.of(0), Integer.class)
> and input inside field something like <script>alert('XSS')</script> the input 
> is not escaped, I just get
> '' is not a valid Integer. + alert

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (WICKET-3946) input is not escaped in validation errors

Reply via email to