Custom message/hint strings used by validators should be escaped.
-----------------------------------------------------------------
Key: TRINIDAD-1231
URL: https://issues.apache.org/jira/browse/TRINIDAD-1231
Project: MyFaces Trinidad
Issue Type: Bug
Components: Components
Affects Versions: 1.2.9-core, 1.0.9-core
Reporter: Cale Scholl
Priority: Minor
Whenever a validator has an attribute hintXYZ or messageDetailXYZ that allows
for a custom string, we should escape that string whenever we write it. For
example, when we _applyCustomMessages, we should do:
String maxMsgDetail = XhtmlUtils.escapeJS(getMessageDetailMaximum());
This way, if the programmer writes a custom message of "Isn't" instead of
"Isn\'t", the error will be fixed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
