WICKET-6155 escape JavaScript object values
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/be7cd7cf Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/be7cd7cf Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/be7cd7cf Branch: refs/heads/WICKET-6183 Commit: be7cd7cf4201a01e860321fab813aeecbdc18eb9 Parents: 96ba488 Author: Sven Meier <[email protected]> Authored: Fri May 20 17:26:01 2016 +0200 Committer: Andrea Del Bene <[email protected]> Committed: Fri May 27 13:12:16 2016 +0200 ---------------------------------------------------------------------- .../examples/ajax/builtin/modal/ModalWindowPage.java | 2 +- .../extensions/ajax/markup/html/modal/ModalWindow.java | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/be7cd7cf/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/builtin/modal/ModalWindowPage.java ---------------------------------------------------------------------- diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/builtin/modal/ModalWindowPage.java b/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/builtin/modal/ModalWindowPage.java index ed40cb5..49b9440 100644 --- a/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/builtin/modal/ModalWindowPage.java +++ b/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/builtin/modal/ModalWindowPage.java @@ -91,7 +91,7 @@ public class ModalWindowPage extends BasePage add(modal2 = new ModalWindow("modal2")); modal2.setContent(new ModalPanel1(modal2.getContentId())); - modal2.setTitle("This is modal window with panel content."); + modal2.setTitle("Modal window\n'panel\" content."); modal2.setCookieName("modal-2"); modal2.setCloseButtonCallback(new ModalWindow.CloseButtonCallback() http://git-wip-us.apache.org/repos/asf/wicket/blob/be7cd7cf/wicket-extensions/src/main/java/org/apache/wicket/extensions/ajax/markup/html/modal/ModalWindow.java ---------------------------------------------------------------------- diff --git a/wicket-extensions/src/main/java/org/apache/wicket/extensions/ajax/markup/html/modal/ModalWindow.java b/wicket-extensions/src/main/java/org/apache/wicket/extensions/ajax/markup/html/modal/ModalWindow.java index bab4c36..f3ef575 100644 --- a/wicket-extensions/src/main/java/org/apache/wicket/extensions/ajax/markup/html/modal/ModalWindow.java +++ b/wicket-extensions/src/main/java/org/apache/wicket/extensions/ajax/markup/html/modal/ModalWindow.java @@ -42,6 +42,7 @@ import org.apache.wicket.resource.CoreLibrariesContributor; import org.apache.wicket.util.io.IClusterable; import org.apache.wicket.util.lang.EnumeratedType; import org.apache.wicket.util.string.AppendingStringBuffer; +import org.apache.wicket.util.string.Strings; /** * Modal window component. @@ -1163,10 +1164,16 @@ public class ModalWindow extends Panel * @param key * @param value */ - private void appendAssignment(final AppendingStringBuffer buffer, final CharSequence key, - final CharSequence value) + private void appendAssignment(final AppendingStringBuffer buffer, final CharSequence key, CharSequence value) { buffer.append(key).append("=\""); + + if (value != null) + { + value = Strings.replaceAll(value, "\"", "\\\""); + value = Strings.replaceAll(value, "\n", "\\n"); + } + buffer.append(value); buffer.append("\";\n"); }
