Enable markup escaping of WizardStep's labels by default due to security aspects
--------------------------------------------------------------------------------

                 Key: WICKET-4219
                 URL: https://issues.apache.org/jira/browse/WICKET-4219
             Project: Wicket
          Issue Type: Improvement
          Components: wicket-extensions
    Affects Versions: 1.5.3, 1.4.19
            Reporter: Thomas Aulinger


Markup escaping of the title and summary label in 
org.apache.wicket.extensions.wizard.WizardStep is disabled by default. This 
fact is not documented, and therefore there could be some security risk when 
their Models are generated from user input. 
An improvement would be to enable markup escaping and let the user disable this 
on demand.
