Hi,

If you want to make sure none of your developers use his/her fat fingers
you might register at application level an IComponentOnBeforeRenderListener that
checks/sets this to true. If you want to exclude some components you can
create some annotation to mark components that are allowed to have this set
to false.

On Wed, Oct 28, 2020 at 8:57 AM Arunachalam Sibisakkaravarthi <
arunacha...@mcruncher.com> wrote:

> Thanks Maxim Solodovnik.
> It took me a while to identify the problem.
> Your reply helped me, in my case 'setEscapeModelStrings(false)' was set on
> the feedback panel.
> The problem is solved after removing it.
>
> *Thanks And Regards
> Sibi.Arunachalam
> mCruncher*
>
> On Tue, Oct 27, 2020 at 9:01 AM Maxim Solodovnik <solomax...@gmail.com>
> wrote:
>
> > You can completely disable inline scripts using strict CSP
> > And of course this is you who output the script entered to the page :)
> > If it is done via Label just remove 'setEscapeModelStrings(false)'
> >
> > If you need to accept and display HTML input, you can 'sanitize' form value
> >
> > from mobile (sorry for typos ;)
> >
> >
> > On Tue, Oct 27, 2020, 07:34 Arunachalam Sibisakkaravarthi <
> > arunacha...@mcruncher.com> wrote:
> >
> > > Hi guys,
> > > JS script alert is displayed when user input <script>alert('xss
> > > attacks')</script> and submit the form. How to handle this? Basically I
> > > want to prevent Cross-Site-Scripting from user inputs.
> > > Is it possible to do this globally since our Wicket Webapp is big?
> > > I found the below post which is discussed in 2010.
> > > Preventing-user-input-script-injection-attacks
> > > <http://apache-wicket.1842946.n4.nabble.com/Preventing-user-input-script-injection-attacks-td3059119.html>
> > >
> > > *Thanks And Regards
> > > Sibi.Arunachalam
> > > mCruncher*
> > >
> >
>


-- 
Regards - Ernesto Reinaldo Barreiro
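
The application-level listener suggested at the top of this message could look like the following. This is an added example, not code posted by anyone in the thread; the `AllowRawMarkup` annotation and both class names are hypothetical, and registration assumes the `getComponentPreOnBeforeRenderListeners()` collection of recent Wicket versions.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import org.apache.wicket.Component;
import org.apache.wicket.application.IComponentOnBeforeRenderListener;
import org.apache.wicket.protocol.http.WebApplication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Abstract so the sketch compiles without a home page; a real application
// would put the init() code into its own WebApplication subclass.
public abstract class EscapingEnforcedApplication extends WebApplication {

    /** Hypothetical opt-out marker for reviewed components that must emit raw HTML. */
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.TYPE)
    public @interface AllowRawMarkup {
    }

    /** Re-enables escaping on every component that is not explicitly exempted. */
    static final class EnforceEscapingListener implements IComponentOnBeforeRenderListener {
        private static final Logger LOG = LoggerFactory.getLogger(EnforceEscapingListener.class);

        @Override
        public void onBeforeRender(Component component) {
            if (component.getEscapeModelStrings()) {
                return; // framework default, nothing to do
            }
            // The annotation sits on the component class, so an exempted
            // component needs a named (annotated) subclass.
            if (component.getClass().isAnnotationPresent(AllowRawMarkup.class)) {
                return;
            }
            LOG.warn("Escaping was disabled on {} ({}); re-enabling it",
                    component.getPageRelativePath(), component.getClass().getName());
            component.setEscapeModelStrings(true);
        }
    }

    @Override
    protected void init() {
        super.init();
        // Runs for each component just before its own onBeforeRender().
        getComponentPreOnBeforeRenderListeners().add(new EnforceEscapingListener());
    }
}
```

The warning log gives a list of the places where escaping had been switched off, which is useful for review in a large application before deciding which components get the exemption.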
