Repository: wicket Updated Branches: refs/heads/wicket-1.5.x 73c2e7b9d -> 63937445d
Escape the generated markup for attribute names and values in CheckBoxMultipleChoice and RadioChoice Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/63937445 Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/63937445 Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/63937445 Branch: refs/heads/wicket-1.5.x Commit: 63937445d4348f8478187251f7b4fd32814ae9ba Parents: 73c2e7b Author: Martin Tzvetanov Grigorov <[email protected]> Authored: Mon Dec 21 16:46:18 2015 +0100 Committer: Martin Tzvetanov Grigorov <[email protected]> Committed: Mon Dec 21 16:46:18 2015 +0100 ---------------------------------------------------------------------- .../wicket/markup/html/form/CheckBoxMultipleChoice.java | 6 +++--- .../org/apache/wicket/markup/html/form/RadioChoice.java | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/63937445/wicket-core/src/main/java/org/apache/wicket/markup/html/form/CheckBoxMultipleChoice.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/form/CheckBoxMultipleChoice.java b/wicket-core/src/main/java/org/apache/wicket/markup/html/form/CheckBoxMultipleChoice.java index 6e3b283..b09f7d9 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/html/form/CheckBoxMultipleChoice.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/form/CheckBoxMultipleChoice.java @@ -405,9 +405,9 @@ public class CheckBoxMultipleChoice<T> extends ListMultipleChoice<T> buffer.append(" disabled=\"disabled\""); } buffer.append(" value=\""); - buffer.append(id); + buffer.append(Strings.escapeMarkup(id)); buffer.append("\" id=\""); - buffer.append(idAttr); + buffer.append(Strings.escapeMarkup(idAttr)); buffer.append("\"/>"); // Add label for checkbox @@ -421,7 +421,7 @@ public class CheckBoxMultipleChoice<T> extends ListMultipleChoice<T> : display); buffer.append("<label for=\""); - buffer.append(idAttr); + buffer.append(Strings.escapeMarkup(idAttr)); buffer.append("\">").append(escaped).append("</label>"); // Append option suffix http://git-wip-us.apache.org/repos/asf/wicket/blob/63937445/wicket-core/src/main/java/org/apache/wicket/markup/html/form/RadioChoice.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/form/RadioChoice.java b/wicket-core/src/main/java/org/apache/wicket/markup/html/form/RadioChoice.java index 4608781..27a309f 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/html/form/RadioChoice.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/form/RadioChoice.java @@ -395,9 +395,9 @@ public class RadioChoice<T> extends AbstractSingleSelectChoice<T> implements IOn .append((isSelected(choice, index, selected) ? " checked=\"checked\"" : "")) .append((enabled ? "" : " disabled=\"disabled\"")) .append(" value=\"") - .append(id) + .append(Strings.escapeMarkup(id)) .append("\" id=\"") - .append(idAttr) + .append(Strings.escapeMarkup(idAttr)) .append("\""); // Should a roundtrip be made (have onSelectionChanged called) @@ -421,7 +421,7 @@ public class RadioChoice<T> extends AbstractSingleSelectChoice<T> implements IOn .append(url) .append((url.toString().indexOf('?') > -1 ? "&" : "?") + getInputName()) .append("=") - .append(id) + .append(Strings.escapeMarkup(id)) .append("';\""); } } @@ -434,9 +434,9 @@ public class RadioChoice<T> extends AbstractSingleSelectChoice<T> implements IOn for (Map.Entry<String, Object> attr : attrs.entrySet()) { buffer.append(" ") - .append(attr.getKey()) + .append(Strings.escapeMarkup(attr.getKey())) .append("=\"") - .append(attr.getValue()) + .append(Strings.escapeMarkup(attr.getValue().toString())) .append("\""); } } @@ -470,7 +470,7 @@ public class RadioChoice<T> extends AbstractSingleSelectChoice<T> implements IOn } buffer.append("<label for=\"") - .append(idAttr) + .append(Strings.escapeMarkup(idAttr)) .append("\">") .append(escaped) .append("</label>");
