[jira] [Resolved] (WICKET-3946) input is not escaped in validation errors

Martin Grigorov (JIRA) Fri, 05 Aug 2011 01:39:13 -0700

     [ 
https://issues.apache.org/jira/browse/WICKET-3946?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Martin Grigorov resolved WICKET-3946.
-------------------------------------

    Resolution: Not A Problem

There is no XSS problem.
The other problem will be tracked in WICKET-3945.

> input is not escaped in validation errors 
> ------------------------------------------
>
>                 Key: WICKET-3946
>                 URL: https://issues.apache.org/jira/browse/WICKET-3946
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-core
>    Affects Versions: 1.4.17
>            Reporter: Mikhail Fedko
>         Attachments: wicket-3946.tgz
>
>
> hi,
> when I add TextField<Integer>("field", Model.of(0), Integer.class)
> and input inside field something like <script>alert('XSS')</script> the input 
> is not escaped, I just get
> '' is not a valid Integer. + alert

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (WICKET-3946) input is not escaped in validation errors

Reply via email to