doubleselect does not escape quotes in doublelist values
--------------------------------------------------------
Key: WW-3047
URL: https://issues.apache.org/struts/browse/WW-3047
Project: Struts 2
Issue Type: Bug
Affects Versions: 2.0.14
Environment: Tomcat 5.5.17, Windows XP SP2, Firefox 3.0.7
Reporter: Lee Clemens
Using:
<s:doubleselect name="priId" doubleName="subId"
list="mainList" doubleList="subList"
listKey="value" doubleListKey="value"
listValue="label" doubleListValue="label"/>
mainList is a class which contains getSubList(), which returns a list for the
second drop down.
Both Lists contain classes which contain getValue() and getLabel() methods.
A quoted value is properly escaped if from the 'list'; however, the
'doublelist' values are not escaped:
Example of resultant HTML:
List is escaped:
<option value="abc">"quotedString"</option>
However, generated JavaScript for the doubleselect is not escaped:
FormName_doubleSelectFoo[123][0] = new Option(""quotedString"", "123");
Which causes the second drop down box to only contain an empty option
(presumably from error in JavaScript).
I haven't tested this to ensure it escapes the Labels, however the same issue
may be present there.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
