Ramon van Sparrentak created WICKET-6155:
--------------------------------------------

             Summary: Newline in ModalWindow title 
                 Key: WICKET-6155
                 URL: https://issues.apache.org/jira/browse/WICKET-6155
             Project: Wicket
          Issue Type: Bug
          Components: wicket-extensions
    Affects Versions: 6.22.0
            Reporter: Ramon van Sparrentak
            Priority: Minor


Setting a newline (\n) in the title of ModalWindow crashes, because the newline 
is used unescaped in JavaScript (only HTML is escaped) and breaks the generated 
string literal.

Reproduction steps:

Create the modal-window example project.
Change the title:
 
    add(modal1 = new ModalWindow("modal1"));
    modal1.setTitle("modal title\n with newline");

Start the application and open the modal window.

    Exception evaluating javascript: SyntaxError: unterminated string literal, text: (function(){var settings = new Object();
    ...
    settings.cookieId="modal-1";
    settings.title="modal title
 with newline";
    ...

Note that the newline ends up unescaped. The string literal generation code is 
in getWindowOpenJavaScript#getWindowOpenJavaScript()

    String title = getTitle() != null ? getTitle().getObject() : null;
    if (title != null)
    {
        String escaped = getDefaultModelObjectAsString(title);
        appendAssignment(buffer, "settings.title", escaped);
    }

getDefaultModelObjectAsString does escape HTML (if flag is set), but does not 
escape the JavaScript.

Perhaps #appendAssignment() should escape the value?

Same for the characters \ and \r





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
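
The failure described in the report and one way to avoid it, as an added example that is not part of the original message and is not Wicket's code. The names `escapeJs`, `assignRaw` and `assignEscaped` are hypothetical stand-ins for the assignment helper. Beyond the `\`, `\n` and `\r` named in the report, the sketch also escapes the double quote, other control characters, U+2028/U+2029 and `<`.

```java
public class JsStringLiteralDemo {

    /** Escapes a value for use inside a double-quoted JavaScript string literal. */
    static String escapeJs(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\\\"); break; // otherwise it swallows the next character
                case '"':  out.append("\\\""); break; // would close the literal early
                case '\n': out.append("\\n");  break; // raw newline: unterminated string literal
                case '\r': out.append("\\r");  break;
                default:
                    // Remaining control characters, the Unicode line separators, and '<'
                    // (so a closing script tag cannot end an inline script block)
                    // are written as four-digit hex escapes.
                    if (c < 0x20 || c == 0x2028 || c == 0x2029 || c == '<') {
                        out.append(String.format("\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
            }
        }
        return out.toString();
    }

    /** Stand-in for the behaviour in the report: the value is copied into the literal as-is. */
    static String assignRaw(String key, String value) {
        return key + "=\"" + value + "\";";
    }

    /** Same assignment, with the value escaped at the point where the literal is built. */
    static String assignEscaped(String key, String value) {
        return key + "=\"" + escapeJs(value) + "\";";
    }

    public static void main(String[] args) {
        // Constructed sample titles; the first is the one from the report.
        String[] titles = { "modal title\n with newline", "C:\\temp\r\n\"quoted\"", "a</script>b" };
        for (String title : titles) {
            String raw = assignRaw("settings.title", title);
            String safe = assignEscaped("settings.title", title);
            boolean rawBroken = raw.indexOf('\n') >= 0 || raw.indexOf('\r') >= 0;
            System.out.println("raw literal spans lines: " + rawBroken);
            System.out.println("escaped assignment:      " + safe);
        }
    }
}
```

Escaping inside the assignment helper rather than at each call site means every setting written through it gets the same treatment, and HTML escaping of the title stays a separate step.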
